[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: serendipity xss (CVE-2007-6205)



Hi Thijs,
* Thijs Kinkhorst <thijs@debian.org> [2007-12-11 11:52]:
> On Tuesday 11 December 2007 09:37, nion@alioth.debian.org wrote:
> > Log:
> > CVE-2007-6205 fixed in serendipity 1.2.1-1
> 
> >  CVE-2007-6205
> >  	RESERVED
> > +	- serendipity 1.2.1-1 (low)
> 
> This issue is: XSS through remote RSS feeds.
> 
> I would rate it as unimportant myself: it requires using this specific plugin, 
> only with an OPML-format feed, and then the remote maintainer of that feed 
> needs to be interested in getting your password,

Or those by the users of the blog.

> and will need to put 
> malicious script into the url-parameter of that feed (breaking the feed for 
> everyone else, so it's noticable and tracable who did it). To me this 
> scenario sounds highly unlikely.

I agree that its not a real problem to notice this and to 
find out who it was but this does not help you if the 
sensitive information already was gathered. Remember that 
one important fact is also that there is no reason why you 
should trust the remote feed just because you added it. If 
someone gets access to the remote host providing the feed 
you can do a nice distributed user credentials cashing with 
this. Especially considering Moritz' comment on 
CVE-2007-1375 I think this should be low.

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp6xmgN1PQxG.pgp
Description: PGP signature


Reply to: