GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jan 12, 2009 11:26 pm Post subject: [ GLSA 200901-08 ] Online-Bookmarks: Multiple vulnerabilitie
Gentoo Linux Security Advisory
Title: Online-Bookmarks: Multiple vulnerabilities (GLSA 200901-08)
Severity: normal
Exploitable: remote
Date: January 12, 2009
Bug(s): #235053
ID: 200901-08
Synopsis
Multiple vulnerabilities have been reported in Online-Bookmarks.
Background
Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links.
Affected Packages
Package: www-apps/online-bookmarks
Vulnerable: < 0.6.28
Unaffected: >= 0.6.28
Architectures: All supported architectures
Description
The following vulnerabilities were reported:
- Authentication bypass when directly requesting certain pages (CVE-2004-2155).
- Insufficient input validation in the login function in auth.inc (CVE-2006-6358).
- Unspecified cross-site scripting vulnerability (CVE-2006-6359).
Impact
A remote attacker could exploit these vulnerabilities to bypass authentication mechanisms, execute arbitrary SQL statements or inject arbitrary web scripts.
Workaround
There is no known workaround at this time.
Resolution
All Online-Bookmarks users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28"
References
CVE-2004-2155
CVE-2006-6358
CVE-2006-6359