Bugtraq mailing list archives
Suggested Fix for CVE-2006-4299
From: Michael Jennings <mej () kainx org>
Date: Fri, 25 Aug 2006 20:10:52 -0400
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4299
http://www.securityfocus.com/bid/19654

Since the vendor appears to be asleep at the wheel, and Google turned up nothing helpful, I've attempted my own fix for this vulnerability. As I've found no exploit code to speak of, can anyone confirm that this fix does indeed correct the issue?

tikiwiki-1.9.4-cve_2006_4299.patch:
diff -Nur -x '*.orig' -x '*.rej' tikiwiki-1.9.4/tiki-searchindex.php mezzanine_patched_tikiwiki-1.9.4/tiki-searchindex.php --- tikiwiki-1.9.4/tiki-searchindex.php 2006-08-25 20:04:38.000000000 -0400 +++ mezzanine_patched_tikiwiki-1.9.4/tiki-searchindex.php 2006-08-25 20:04:25.000000000 -0400 @@ -22,7 +22,7 @@ } if(isset($_REQUEST["highlight"]) && !empty($_REQUEST["highlight"])) { - $_REQUEST["words"]=$_REQUEST["highlight"]; + $_REQUEST["words"]=htmlspecialchars($_REQUEST["highlight"]); } if ($feature_search_stats == 'y') {

Thanks,
Michael

--
Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <mej () kainx org>
n + 1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
"My shoes are too tight, but it doesn't matter because I have forgotten how to dance."
-- Peter Jurasik (Ambassador Londo Mollari), "Babylon Five"
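
Review bot: the escaping on the `+` line covers only the branch where `highlight` is set, so a request that supplies `words` directly is not touched by this hunk, and `$_REQUEST["highlight"]` itself stays raw for any later use. Consider escaping at the point where the value is written into the page instead, for both parameters, and passing `ENT_QUOTES` as the second argument to `htmlspecialchars()`, since the default flags leave single quotes unescaped. Escaping on input also means that any code reading `$_REQUEST["words"]` as the actual search term will see entity-encoded text (for example `&amp;` in place of `&`).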