Re: CVE request: PostfixAdmin SQL injections and XSS
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 26 Jan 2012 13:54:12 -0700
Please assign a CVE number to those issues.
The issues are fixed in PostfixAdmin 2.3.5, which I'll release
today or tomorrow.
For reference, here's the changelog with all details:
- fix SQL injection in pacrypt() (if $CONF[encrypt] ==
- fix SQL injection in backup.php - the dump was not mysql_escape()d,
therefore users could inject SQL (for example in the vacation message)
which will be executed when restoring the database dump. WARNING:
database dumps created with backup.php from 2.3.4 or older might
contain malicious SQL. Double-check before using them!
Please use CVE-2012-0811 for PostfixAdmin 2.3.4 multiple SQL vulnerabilities
- fix XSS with $_GET[domain] in templates/menu.php and edit-vacation
- fix XSS in some create-domain input fields
- fix XSS in create-alias and edit-alias error message
- fix XSS (by values stored in the database) in fetchmail list
Please use CVE-2012-0812 for PostfixAdmin 2.3.4 multiple XSS
So basically we have two sets of vulnerabilities: multiple SQL
injections and multiple XSS vulnerabilities, correct?
(For completeness: the last 3 items ($LANG, the "forward only" marker
and the hex2bin change) are non-security fixes.)
Kurt Seifried Red Hat Security Response Team (SRT)
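The backup.php item above describes a dump writer that copied user-controlled strings into INSERT statements without escaping, so a value such as a vacation message could terminate the quoted literal and smuggle a second statement that runs when the dump is restored. The following is an added illustration, not PostfixAdmin code or anything from the thread: it renders a dump row with and without escaping, replays both into an in-memory SQLite database, and includes a small quote-aware statement counter of the kind one could use to "double-check" an old dump (a dump of N rows should contain N statements). The sample row, table names and the `escape_sql_string`, `render_insert`, `restore` and `count_statements` helpers are all constructed for this example.

```python
"""Why an unescaped database dump is an injection vector, and how to check one.

Constructed example, not PostfixAdmin code. Uses SQLite so it runs offline.
"""
import sqlite3
from typing import Dict, List, Tuple

# Constructed sample row. The body is user-controlled (a vacation message).
# The apostrophe ends the quoted literal if the dump writer does not escape
# it; an accidental apostrophe in a real message would break the dump the
# same way, which is why escaping is a correctness fix as much as a security one.
SAMPLE_ROW: Dict[str, str] = {
    "email": "user@example.org",
    "body": "Out of office'); INSERT INTO admin (username) VALUES ('injected",
}


def escape_sql_string(value: str) -> str:
    """Escape a string for use inside a single-quoted SQL literal.

    Doubling the quote is the SQL-standard form and is what SQLite needs.
    For MySQL use the driver's real-escape function instead (it also handles
    backslashes and the connection charset); this helper is for the demo only.
    """
    return value.replace("'", "''")


def render_insert(table: str, row: Dict[str, str], escape: bool) -> str:
    """Render one INSERT statement the way a backup script would."""
    cols = ", ".join(row)
    literals = []
    for v in row.values():
        literals.append("'" + (escape_sql_string(v) if escape else v) + "'")
    return f"INSERT INTO {table} ({cols}) VALUES ({', '.join(literals)});"


def restore(dump_sql: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Replay a dump into a fresh database; return (vacation rows, admin names).

    executescript() runs every statement in the string, exactly like piping a
    dump into the database client, so any extra statement in the dump runs too.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vacation (email TEXT, body TEXT)")
    conn.execute("CREATE TABLE admin (username TEXT)")
    conn.executescript(dump_sql)
    vac = conn.execute("SELECT email, body FROM vacation").fetchall()
    adm = [r[0] for r in conn.execute("SELECT username FROM admin")]
    conn.close()
    return vac, adm


def count_statements(dump_sql: str) -> int:
    """Count top-level statements, ignoring semicolons inside quoted literals.

    A dump of N rows should contain N INSERTs; a surplus means a literal was
    closed early. Only handles '' doubling, not MySQL backslash escapes.
    """
    count, in_quote = 0, False
    for ch in dump_sql:
        if ch == "'":
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            count += 1
    return count


if __name__ == "__main__":
    for escape in (False, True):
        dump = render_insert("vacation", SAMPLE_ROW, escape=escape)
        vac, adm = restore(dump)
        print(f"escape={escape}: statements={count_statements(dump)} "
              f"vacation={vac} admin={adm}")
```

With `escape=False` the dump holds two statements and restoring it adds a row to the unrelated `admin` table; with `escape=True` it holds one statement and the vacation body round-trips byte for byte. The statement counter is a cheap pre-restore sanity check, but it is not a substitute for regenerating the dump with a fixed writer.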