Posted: Mon Jan 12, 2009 11:26 pm Post subject: [ GLSA 200901-08 ] Online-Bookmarks: Multiple vulnerabilitie
Gentoo Linux Security Advisory
Title: Online-Bookmarks: Multiple vulnerabilities (GLSA 200901-08)
Date: January 12, 2009
Multiple vulnerabilities have been reported in Online-Bookmarks.
Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links.
Vulnerable: < 0.6.28
Unaffected: >= 0.6.28
Architectures: All supported architectures
The following vulnerabilities were reported:
- Authentication bypass when directly requesting certain pages (CVE-2004-2155).
- Insufficient input validation in the login function in auth.inc (CVE-2006-6358).
- Unspecified cross-site scripting vulnerability (CVE-2006-6359).
A remote attacker could exploit these vulnerabilities to bypass authentication mechanisms, execute arbitrary SQL statements or inject arbitrary web scripts.
There is no known workaround at this time.
All Online-Bookmarks users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28"
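To confirm whether a host is still in the vulnerable range given above (< 0.6.28), the following added example, which is not part of the advisory, classifies installed package entries. It assumes entries are named as in Portage's installed-package database (/var/db/pkg/www-apps/online-bookmarks-VERSION[-rN]); the function names are hypothetical, the sample entries are constructed, and only dotted numeric versions are compared.

```shell
#!/bin/sh
# Added example: flag www-apps/online-bookmarks versions below the fixed release.
FIXED="0.6.28"   # first unaffected version per the advisory

# ver_lt A B: succeed if dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                    # leading component of each
        [ "$a" = "$x" ] && a="" || a=${a#*.}      # drop it from the remainder
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}                      # missing components count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                      # equal is not "lower"
}

# classify ENTRY: print vulnerable, fixed or unknown for one entry name.
classify() {
    v=${1##*/}                 # drop a leading category such as www-apps/
    v=${v#online-bookmarks-}   # drop the package name
    v=${v%-r[0-9]*}            # drop a Gentoo revision suffix (-rN)
    case $v in
        ''|*[!0-9.]*) echo unknown; return ;;     # suffixed versions: check by hand
    esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# report: read one entry per line on stdin, print "<entry> <status>".
report() {
    while IFS= read -r entry; do
        if [ -n "$entry" ]; then
            printf '%s %s\n' "$entry" "$(classify "$entry")"
        fi
    done
}

# Constructed sample input. On a Gentoo host, feed real entries instead:
#   ls /var/db/pkg/www-apps | grep '^online-bookmarks-' | report
printf '%s\n' online-bookmarks-0.6.9-r2 online-bookmarks-0.6.27 \
    online-bookmarks-0.6.28 | report
```

Entries reported as unknown carry a version suffix this comparison does not model and should be checked manually.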