Giuseppe Iuculano
2009-Dec-26 18:04 UTC
[Secure-testing-team] Bug#562639: CVE-2009-4402 CVE-2009-3580 CVE-2009-3581 CVE-2009-3582 CVE-2009-3583 CVE-2009-3584
Package: sql-ledger
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

the following CVE (Common Vulnerabilities & Exposures) ids were
published for sql-ledger.

CVE-2009-4402[0]:
| The default configuration of SQL-Ledger 2.8.24 allows remote attackers
| to perform unspecified administrative operations by providing an
| arbitrary password to the admin interface.

CVE-2009-3580[1]:
| Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger
| 2.8.24 allows remote attackers to hijack the authentication of
| arbitrary users for requests that change a password via the login,
| new_password, and confirm_password parameters in a preferences action.

CVE-2009-3581[2]:
| Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger
| 2.8.24 allow remote authenticated users to inject arbitrary web script
| or HTML via (1) the DCN Description field in the Accounts Receivables
| menu item for Add Transaction, (2) the Description field in the
| Accounts Payable menu item for Add Transaction, or the name field in
| (3) the Customers menu item for Add Customer or (4) the Vendor menu
| item for Add Vendor.

CVE-2009-3582[3]:
| Multiple SQL injection vulnerabilities in the delete subroutine in
| SQL-Ledger 2.8.24 allow remote authenticated users to execute
| arbitrary SQL commands via the (1) id and possibly (2) db parameters
| in a Delete action to the output of a Vendors>Reports>Search search
| operation.

CVE-2009-3583[4]:
| Directory traversal vulnerability in the Preferences menu item in
| SQL-Ledger 2.8.24 allows remote attackers to include and execute
| arbitrary local files via a .. (dot dot) in the countrycode field.

CVE-2009-3584[5]:
| SQL-Ledger 2.8.24 does not set the secure flag for the session cookie
| in an https session, which makes it easier for remote attackers to
| capture this cookie by intercepting its transmission within an http
| session.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4402
    http://security-tracker.debian.org/tracker/CVE-2009-4402
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3580
    http://security-tracker.debian.org/tracker/CVE-2009-3580
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3581
    http://security-tracker.debian.org/tracker/CVE-2009-3581
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3582
    http://security-tracker.debian.org/tracker/CVE-2009-3582
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3583
    http://security-tracker.debian.org/tracker/CVE-2009-3583
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3584
    http://security-tracker.debian.org/tracker/CVE-2009-3584

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAks2UC4ACgkQNxpp46476aqnFgCcDTCmNFfWryCQzP8BdtX+offK
NJMAn270NMaZzk7L00r7HWDMrCOGhe1D
=qtdH
-----END PGP SIGNATURE-----
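As an added illustration (not SQL-Ledger's code, which is Perl, and not part of the report above), the two input-handling patterns a fix for CVE-2009-3583 and CVE-2009-3584 relies on: an allowlist plus canonical-path check on the `countrycode` value before it selects a file, and a session cookie that carries the `Secure` flag when served over https. The locale directory, the `all` file name and the function names are hypothetical.

```python
import os
import re

# Hypothetical locale directory; the real install path is not taken from the report.
LOCALE_BASE = "/srv/sql-ledger/locale"


def locale_file(countrycode, base=LOCALE_BASE):
    """Return the translation file for a country code, or raise ValueError.

    Two independent checks. First an allowlist on the raw value, which already
    rejects '..', '/', and anything else that is not two lowercase letters.
    fullmatch is used on purpose: re.match with a trailing '$' would still accept
    "de\n". Second, a canonical-path check so the resolved file lies under `base`
    even if the allowlist were loosened later (e.g. to allow longer codes).
    """
    if not re.fullmatch(r"[a-z]{2}", countrycode):
        raise ValueError("invalid countrycode: %r" % (countrycode,))
    root = os.path.realpath(base)
    path = os.path.realpath(os.path.join(root, countrycode, "all"))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("countrycode escapes locale directory")
    return path


def session_cookie_header(name, value, https):
    """Build the Set-Cookie value for the session cookie.

    Without the Secure attribute the browser also attaches the cookie to plain
    http requests for the same host, where it can be read in transit; with it,
    the cookie is only sent on https. The flag is set whenever the session
    itself was established over https.
    """
    attrs = ["%s=%s" % (name, value), "Path=/"]
    if https:
        attrs.append("Secure")
    return "; ".join(attrs)
```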