Date Discovered: December 22, 2004
Date Published: January 29, 2005
Last Updated: January 29, 2005
Vulnerability ID: 32098
Discovered by: anonymous
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Remote attackers can launch cross-site scripting attacks.
Root Cause: Software Vulnerability
Namazu contains a vulnerability that can allow remote attackers to launch cross-site scripting attacks. The vulnerability is due to improper filtering of queries that start with a tab (%09) character in namazu.cgi. Remote attackers can exploit the vulnerability to inject arbitrary HTML and launch a variety of cross-site scripting attacks.
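A detection check for the condition described above, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to namazu.cgi in which any parameter value decodes to a string starting with a tab. The log lines, addresses and the `query` parameter name in the sample are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request line as it appears in Common/Combined Log Format entries.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that indicate HTML markup in a decoded parameter value.
HTML_META = set('<>"\'')

def tab_prefixed_params(target):
    """Return (name, value) pairs of namazu.cgi parameters whose decoded value starts with a tab."""
    path, _, query = target.partition("?")
    if not path.endswith("namazu.cgi"):
        return []
    # parse_qsl percent-decodes values, so %09 becomes "\t".
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if value.startswith("\t")]

def scan(lines):
    """Return one finding per tab-prefixed parameter, with its 1-based log line number."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in tab_prefixed_params(match.group("target")):
            findings.append({
                "line": lineno,
                "param": name,
                # Markup after the tab is the higher-priority case to review.
                "has_markup": any(ch in HTML_META for ch in value),
            })
    return findings

# Constructed sample log lines (documentation address ranges, benign markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2005:10:00:01 +0000] "GET /cgi-bin/namazu.cgi?query=tab+separated&max=20 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Jan/2005:10:00:05 +0000] "GET /cgi-bin/namazu.cgi?query=%09%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 4811',
    '192.0.2.44 - - [29/Jan/2005:10:00:09 +0000] "GET /cgi-bin/namazu.cgi?query=%09plain HTTP/1.1" 200 4790',
    '192.0.2.44 - - [29/Jan/2005:10:00:12 +0000] "GET /cgi-bin/other.cgi?q=%09x HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `has_markup` set are the ones to review first; a hit on an installation older than 2.0.14 means the request reached the unpatched filter.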
Recommendations
Namazu 2.0.14
Update to version 2.0.14
http://namazu.org/#download
Fedora namazu patches
Fedora Core 2:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/namazu-2.0.14-0.FC2.0.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/namazu-cgi-2.0.14-0.FC2.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/namazu-2.0.14-0.FC2.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/debug/namazu-debuginfo-2.0.14-0.FC2.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/namazu-devel-2.0.14-0.FC2.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/namazu-cgi-2.0.14-0.FC2.0.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/namazu-2.0.14-0.FC2.0.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/debug/namazu-debuginfo-2.0.14-0.FC2.0.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/namazu-devel-2.0.14-0.FC2.0.i386.rpm
Fedora Core 3:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/namazu-2.0.14-0.FC3.0.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/namazu-cgi-2.0.14-0.FC3.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/namazu-2.0.14-0.FC3.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/debug/namazu-debuginfo-2.0.14-0.FC3.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/namazu-devel-2.0.14-0.FC3.0.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/namazu-cgi-2.0.14-0.FC3.0.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/namazu-2.0.14-0.FC3.0.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/debug/namazu-debuginfo-2.0.14-0.FC3.0.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/namazu-devel-2.0.14-0.FC3.0.i386.rpm
DSA 627-1
Debian 3.0:
Source archives:
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.dsc
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.diff.gz
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10.orig.tar.gz
Architecture independent components:
http://security.debian.org/pool/updates/main/n/namazu2/namazu2-common_2.0.10-1woody3_all.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2-index-tools_2.0.10-1woody3_all.deb
Alpha architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_alpha.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_alpha.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_arm.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_arm.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_i386.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_i386.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_ia64.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_ia64.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_hppa.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_hppa.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_m68k.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_m68k.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mips.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mips.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mipsel.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mipsel.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_powerpc.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_powerpc.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_s390.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_s390.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_sparc.deb
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_sparc.deb
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_sparc.deb
Vendor advisory:
DSA 627-1
SuSE-SR:2005:001 - namazu
SuSE 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/namazu-devel-2.0.12-170.2.i586.rpm
SuSE 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/namazu-2.0.12-169.2.i586.rpm
SuSE 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/namazu-2.0.12-172.i586.rpm
SuSE 8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/namazu-2.0.12-172.i586.rpm
Affected Technologies
Debian: Debian Linux 3.0
Namazu Project : Namazu 2.0.13
Namazu Project : Namazu 2.0.8
Namazu Project : Namazu 2.0.9
Red Hat: Fedora Core 2
Red Hat: Fedora Core 3
SuSE: SuSE Linux 8.2
SuSE: SuSE Linux 9.0
SuSE: SuSE Linux 9.1
SuSE: SuSE Linux 9.2
References
Mitre CVE: CAN-2004-1318
Source : Computer Associates International
www.ca.com