2013-01-11, 00:00:50
Good catch on the lang.
I checked for get exploits in my 3.2 audit, but missed this post traversal issue.
I'll roll that fix into 3.2beta.
We will discuss a 3.1.3 patch release, but a lot of fundamental flaws were fixed in 3.2 already.
I also found that we are not catching salt generation failures on install, which would allow the cookie issue to occur.
SVN already has a fix, I will probably add it to 3.2beta today.
We will also fatally die if there is no valid salt.
I am going to assume this issue only occurs on local installs or portable drives or windows hosts. I cannot reproduce a failure of creation of authorization.xml, but since there is no catch for its failure, it is important for everyone to check their installs.
We will probably also make sure health check contains a check for this stuff. Maybe we can patch it too, for 3.1.2, for statuses.
I am going to say that the occurrence and exploitability of this cookie spoofing is probably very very low.
As for the drive-by XSS attacks on the lang exploits, there are a few others that are not protected by nonces, and pretty vulnerable to targeted attacks. So as with anything I suggest you avoid web browsing when you are using an authenticated session. And do click unknown links when logged in to secure sites, as with anything.