Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: PostfixAdmin SQL injections and XSS
From: Christian Boltz <oss-securrity () cboltz de>
Date: Thu, 26 Jan 2012 18:55:11 +0100

Hello,

Am Donnerstag, 26. Januar 2012 schrieb Kurt Seifried:
On 01/26/2012 04:07 AM, Christian Boltz wrote:
we (the upstream PostfixAdmin developers) received a report about
SQL injections and XSS in PostfixAdmin.

Please assign a CVE number to those issues.

The issues are fixed in PostfixAdmin 2.3.5, which I'll release
today or tomorrow.

For reference, here's the changelog with all details:
  - fix SQL injection in pacrypt() (if $CONF[encrypt] ==
  'mysql_encrypt') 
  - fix SQL injection in backup.php - the dump
  was not mysql_escape()d,>   
    therefore users could inject SQL (for example in the
    vacation message) which will be executed when restoring
    the database dump. WARNING: database dumps created with
    backup.php from 2.3.4 or older might>     
             contain malicious SQL. Double-check
             before using them!
  - fix XSS with $_GET[domain] in templates/menu.php and
  edit-vacation - fix XSS in some create-domain input fields
  - fix XSS in create-alias and edit-alias error message
  - fix XSS (by values stored in the database) in fetchmail list
  view, list-domain and list-virtual
  - create-domain: fix SQL injection (only exploitable by
  superadmins) 
  - add missing $LANG['pAdminDelete_admin_error']
  - don't mark mailbox targets with recipient delimiter as
  "forward only" 
  - wrap hex2bin with function_exists()  - PHP 5.3.8 has it 
  as native function

So basically we have two sets of vulnerabilities: multiple SQL
injections and multiple XSS vulnerabilities, correct?

Yes, correct.
(For completeness: the last 3 items ($LANG, the "forward only" marker 
and the hex2bin change) are non-security fixes.)


Gruß

Christian Boltz
-- 
/etc/sysconfig/powersave/cpufreq contains the line:
# the next lover CPU frequency. Increasing this value lowers the
             ^^^^^
we should keep that one ;)
[Michael Gross in https://bugzilla.novell.com/show_bug.cgi?id=183704]


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]