Package: liblemonldap-ng-portal-perl
Version: 0.9.2-1.1
Severity: normal
Tags: patch,security

The LEMONLDAP::NG portal is vulnerable to an XSS attack. Here is the patch.
Note that version 0.9.3.2 (included in the unstable branch) is not vulnerable.

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (800, 'testing'), (800, 'stable'), (600, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages liblemonldap-ng-portal-perl depends on:
ii  libapache-session-perl        1.86-1     Perl modules for keeping persisten
ii  libhtml-template-perl         2.9-1      HTML::Template : A module for usin
ii  liblemonldap-ng-conf-perl     0.9.2-1.1  Lemonldap::NG apache administratio
ii  libnet-ldap-perl              1:0.36-1   A Client interface to LDAP servers

liblemonldap-ng-portal-perl recommends no packages.

Versions of packages liblemonldap-ng-portal-perl suggests:
ii  libcgi-session-perl           4.35-1     Persistent session data in CGI app
ii  liblasso-perl                 2.2.1-2    Library for Liberty Alliance and S
ii  slapd                         2.4.11-1   OpenLDAP server (slapd)

-- no debconf information

diff -aburN lemonldap-ng-0.9.2/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm lemonldap-ng-0.9.2-patched/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm
--- lemonldap-ng-0.9.2/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm	2008-06-06 14:26:33.000000000 +0200
+++ lemonldap-ng-0.9.2-patched/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm	2009-01-08 16:42:32.000000000 +0100
@@ -51,6 +51,7 @@
 # * PE_PP_ACCOUNT_LOCKED   21
 # * PE_PP_PASSWORD_EXPIRED 22
 # * PE_CERTIFICATEREQUIRED 23
+# * PE_ERROR               24
 
 # Not used in errors:
 # * PE_DONE                -1
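Review bot: `PE_ERROR` appears here only as a documentation comment (`# * PE_ERROR 24`); none of the hunks in this patch defines the constant or adds it to an export list, yet Simple.pm returns it. Unless it is already defined elsewhere in 0.9.2, add the definition next to the other PE_ constants so that `return PE_ERROR` resolves to 24 and lines up with the new message entries.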
@@ -82,6 +83,7 @@
         "Votre compte est bloqué",
         "Votre mot de passe a expiré",
         "Certificat exigé",
+        "Erreur",
     ];
 }
 
@@ -111,6 +113,7 @@
         "Your account is locked",
         "Your password has expired",
         "Certificate required",
+        'Error',
     ];
 }
 
@@ -140,5 +143,6 @@
         "Contul dvs. este blocat",
         "Parola dvs. a expirat",
         "Certificat cerut",
+        'Eroare',
     ];
 }
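Review bot: The new entry `'Eroare',` is single-quoted while the neighbouring entries in this list are double-quoted, and the same applies to `'Error',` in the English list; the French hunk uses `"Erreur",`. Suggest double quotes in all three for consistency with the surrounding lines.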
diff -aburN lemonldap-ng-0.9.2/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm lemonldap-ng-0.9.2-patched/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
--- lemonldap-ng-0.9.2/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm	2008-06-13 16:38:03.000000000 +0200
+++ lemonldap-ng-0.9.2-patched/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm	2009-01-08 16:42:55.000000000 +0100
@@ -198,7 +198,25 @@
 sub controlUrlOrigin {
     my $self = shift;
     if ( $self->param('url') ) {
+
+        # REJECT NON BASE64 URL
+        if ( $self->param('url') =~ m#[^A-Za-z0-9\+/=]# ) {
+            print STDERR "WARNING : seams to have an XSS attack\n";
+            return PE_ERROR;
+        }
+
         $self->{urldc} = decode_base64( $self->param('url') );
+        $self->{urldc} =~ s/[\r\n]//sg;
+
+        # REJECT [\0<'"`] in URL or encoded '%'
+        if (
+            $self->{urldc} =~ /(?:\0|<|'|"|`|\%(?:00|25|3C|22|27|2C))/
+          )
+        {
+            delete $self->{urldc};
+            print STDERR "WARNING : seams to have an XSS attack\n";
+            return PE_ERROR;
+        }
     }
     PE_OK;
 }
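Review bot: In the second check, the percent-encoded alternation `\%(?:00|25|3C|22|27|2C)` does not match its own comment: `2C` is the comma, while the backtick named in the comment encodes as `60`, and without the `i` modifier lowercase hex such as `%3c` is not matched. Suggest `\%(?:00|25|3C|22|27|60)` with `/i`, and in the longer term checking the decoded value as a URL with an expected scheme and host rather than relying on a character blacklist. Minor: both warnings read "seams" for "seems" and are identical, so the log cannot tell which of the two checks fired.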
