Bugzilla – Bug 65238
VUL-0: CVE-2005-0085: htdig: cross-site-scripting bug
Last modified: 2021-10-27 15:51:32 UTC
Hi, we received this from vendor-sec. (I think it's not public yet)

From: Mark J Cox <mjc@redhat.com>
To: vendor-sec@lst.de
Cc: mikx@mikx.de, pknirsch@redhat.com
Subject: [vendor-sec] CAN-2005-0085 htdig XSS (embargoed)
Errors-To: vendor-sec-admin@lst.de
Date: Thu, 27 Jan 2005 10:29:24 +0000 (GMT)

htdig suffers from a cross site scripting flaw as found by Michael Krax. Looks like this one is different to the last and isn't based on bad templates. The flaw doesn't seem to affect the htdig on htdig.org although there is no patch in CVS, so maybe they applied a quick patch themselves.

..../cgi-bin/htsearch?config=%3Ch1%3Eboo%3C/h1%3E

Proposed patch from Phil Knirsch attached, this is CAN-2005-0085.

Currently embargoed with no date set, probably suggest say Feb10 1400UTC unless Michael has a preference.

Cheers, Mark

--- htdig-3.2.0b6/htsearch/htsearch.cc.unescaped_output 2005-01-25 12:50:51.000000000 +0100 +++ htdig-3.2.0b6/htsearch/htsearch.cc 2005-01-25 12:52:45.000000000 +0100 @@ -211,8 +211,7 @@ } if (access((char*)configFile, R_OK) < 0) { - reportError(form("Unable to read configuration file '%s'", - configFile.get())); + reportError("Unable to read configuration file"); } config->Read(configFile); --- htdig-3.2.0b6/htsearch/qtest.cc.unescaped_output 2005-01-25 12:51:00.000000000 +0100 +++ htdig-3.2.0b6/htsearch/qtest.cc 2005-01-25 12:51:19.000000000 +0100 @@ -132,8 +132,7 @@ if (access((char*)configFile, R_OK) < 0) { - reportError(form("Unable to find configuration file '%s'", - configFile.get())); + reportError("Unable to find configuration file"); } config->Read(configFile);
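
Review bot: in the htsearch.cc hunk, the added `reportError("Unable to read configuration file");` line takes the request-derived `configFile` value out of this one message but does not change how reportError emits its argument, although the patch file name (`unescaped_output`) points at escaping as the underlying problem. Consider HTML-escaping the string inside reportError (or at this call site) so that any other caller passing request-derived text is covered as well. With escaping in place the file name could stay in the message, or be written to the server log instead, since the generic text no longer tells the administrator which configuration failed.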
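
Review bot: in the qtest.cc hunk, the replacement message says "Unable to find configuration file" while the htsearch.cc hunk says "Unable to read configuration file" for the same `access((char*)configFile, R_OK) < 0` test. The R_OK check also fails for a file that exists but is not readable, so "read" is the accurate wording and the two messages should match. Both hunks keep `config->Read(configFile);` as the next statement after the error branch, so it is worth confirming that reportError does not return to the caller.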
Reproduce: ..../cgi-bin/htsearch?config=%3Ch1%3Eboo%3C/h1%3E
CAN-2005-0085
-------------------------------------------------------------------
Thu Jan 27 15:17:15 CET 2005 - ke@suse.de

- Fix a cross site scripting flaw as found by Michael Krax; apply the patch proposed by Phil Knirsch; CAN-2005-0085 [# 50238].

-------------------------------------------------------------------

Note, /work/src/done/8.1/htdig.new supersedes /work/src/done/8.1/htdig

Thomas offered to write patchinfo files.
SM-Tracker-256
`patchinfo-box.htdig' -> `/work/src/done/PATCHINFO/patchinfo-box.htdig'
`patchinfo.htdig' -> `/work/src/done/PATCHINFO/patchinfo.htdig'
updates released.
CVE-2005-0085: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)