850925 – (CVE-2013-4415) VUL-1: CVE-2013-4415: spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

Bug 850925 (CVE-2013-4415) - VUL-1: CVE-2013-4415: spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

Summary: VUL-1: CVE-2013-4415: spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scriptin...

Status:	RESOLVED FIXED

Alias:	CVE-2013-4415

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Deadline:	2014-01-31
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp2:55953
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-11-18 15:42 UTC by Thomas Biege
Modified:	2014-02-11 18:07 UTC (History)
CC List:	4 users (show)

See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=979452
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2013-11-18 15:42:01 UTC

From RH:

Jan Lieskovsky 2013-06-28 11:14:12 EDT
Multiple cross-site scripting (XSS) flaws were found in the way Red Hat Satellite and Spacewalk services used to sanitize content of various query string (QS) variables when performing search for various entities:

* when performing search for software channels value of 'whereCriteria' QS variable was incorrectly sanitized,

* when performing search for scap audit results the values of the following QS variables were incorrectly sanitized:

    'end_year', 'start_hour', 'end_am_pm', 'end_day', 'end_hour', 'end_minute', 'end_month', 'end_year', 'optionScanDateSearch', 'result_filter', 'search_string', 'show_as', 'start_am_pm', 'start_day', 'start_hour', 'start_minute', 'start_month', 'start_year', and 'whereToSearch',

* when performing search for errata the values of the following QS variables were incorrectly sanitized:

    'end_minute', 'end_month', 'end_year', 'errata_type_bug', 'errata_type_enhancement', 'errata_type_security', 'fineGrained', 'list_1892635924_sortdir', 'optionIssueDateSearch', 'start_am_pm', 'start_day', 'start_hour', 'start_minute', 'start_month', 'start_year', and 'view_mode',

* when performing search for systems the value of the 'fineGrained' QS variable was incorrectly sanitized.

Remote attacker could provide a specially-crafted web page that, when visited by authenticated Red Hat Satellite or Spacewalk user would lead to arbitrary HTML or web script execution in the context of Red Hat Satellite's / Spacewalk's user's session.

Comment 1 Thomas Biege 2013-11-18 15:42:13 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=979452

Comment 4 Swamp Workflow Management 2013-11-18 23:00:16 UTC

bugbot adjusting priority

Comment 11 Swamp Workflow Management 2014-01-17 12:37:28 UTC

The SWAMPID for this issue is 55894.
This issue was rated as moderate.
Please submit fixed packages until 2014-01-31.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 18 Alexander Bergmann 2014-02-10 17:38:35 UTC

Public now.

Comment 19 Marcus Meissner 2014-02-11 11:03:14 UTC

released

Comment 20 Swamp Workflow Management 2014-02-11 14:46:34 UTC

Update released for: spacewalk-backend, spacewalk-backend-app, spacewalk-backend-applet, spacewalk-backend-config-files, spacewalk-backend-config-files-common, spacewalk-backend-config-files-tool, spacewalk-backend-iss, spacewalk-backend-iss-export, spacewalk-backend-libs, spacewalk-backend-package-push-server, spacewalk-backend-server, spacewalk-backend-sql, spacewalk-backend-sql-oracle, spacewalk-backend-sql-postgresql, spacewalk-backend-tools, spacewalk-backend-xml-export-libs, spacewalk-backend-xmlrpc, spacewalk-backend-xp, spacewalk-base, spacewalk-base-minimal, spacewalk-certs-tools, spacewalk-dobby, spacewalk-grail, spacewalk-html, spacewalk-proxy, spacewalk-proxy-broker, spacewalk-proxy-common, spacewalk-proxy-management, spacewalk-proxy-package-manager, spacewalk-proxy-redirect, spacewalk-pxt, spacewalk-sniglets, spacewalk-web
Products:
SUSE-MANAGER-PROXY 1.7 (x86_64)

Comment 21 Swamp Workflow Management 2014-02-11 14:57:06 UTC

Update released for: spacewalk-backend, spacewalk-backend-app, spacewalk-backend-applet, spacewalk-backend-config-files, spacewalk-backend-config-files-common, spacewalk-backend-config-files-tool, spacewalk-backend-iss, spacewalk-backend-iss-export, spacewalk-backend-libs, spacewalk-backend-package-push-server, spacewalk-backend-server, spacewalk-backend-sql, spacewalk-backend-sql-oracle, spacewalk-backend-sql-postgresql, spacewalk-backend-tools, spacewalk-backend-xml-export-libs, spacewalk-backend-xmlrpc, spacewalk-backend-xp, spacewalk-base, spacewalk-base-minimal, spacewalk-branding, spacewalk-certs-tools, spacewalk-dobby, spacewalk-grail, spacewalk-html, spacewalk-java, spacewalk-java-config, spacewalk-java-lib, spacewalk-java-oracle, spacewalk-java-postgresql, spacewalk-java-tests, spacewalk-pxt, spacewalk-search, spacewalk-sniglets, spacewalk-taskomatic, spacewalk-utils, spacewalk-web, susemanager, susemanager-tools
Products:
SUSE-MANAGER 1.7 (x86_64)

Comment 22 Swamp Workflow Management 2014-02-11 18:05:34 UTC

SUSE-SU-2014:0222-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 834415,846356,850925,850927,850928,850929,850930,853913,854090,858197,858652
CVE References: CVE-2010-2236,CVE-2012-6149,CVE-2013-1869,CVE-2013-1871,CVE-2013-4415
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src):    spacewalk-backend-1.7.38.31-0.5.1, spacewalk-branding-1.7.1.11-0.5.1, spacewalk-certs-tools-1.7.3.11-0.5.1, spacewalk-java-1.7.54.30-0.5.1, spacewalk-search-1.7.3.12-0.5.1, spacewalk-utils-1.7.15.12-0.5.3, spacewalk-web-1.7.28.20-0.5.1, susemanager-1.7.27-0.5.2

Comment 23 Swamp Workflow Management 2014-02-11 18:07:51 UTC

SUSE-SU-2014:0223-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (moderate)
Bug References: 846356,850925,853913,854090,855610
CVE References: CVE-2013-4415
Sources used:
SUSE Manager Proxy 1.7 for SLE 11 SP2 (src):    spacewalk-backend-1.7.38.31-0.5.1, spacewalk-certs-tools-1.7.3.11-0.5.1, spacewalk-proxy-1.7.12.14-0.5.1, spacewalk-web-1.7.28.20-0.5.1