Moritz Mühlenhoff said [Tue, Dec 09, 2014 at 10:17:14PM +0100]:
> > > I'm getting in touch with the authors right now. Thanks!
> >
> > http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=8479
>
> Gunnar,
> is this fixed in the version in jessie?

Sorry for the delay in this reply! I can confirm that, of the three attacks mentioned in exploit-db¹, attacks 1 and 3 do not work. As for attack 2 (the CSRF), the description just reads:

    Technically, attacker can create a specially crafted page and force collabtive administrators to visit it and can gain administrative privilege. For prevention from CSRF vulnerabilities, application needs anti-csrf token, captcha and asking old password for critical actions.

The referred site for the POC exploit² no longer exists, so I cannot confirm whether it has been fixed or not. I can see from the forum post you linked to that the author does not believe it to be a realistic, important enough issue to worry about.

¹ http://www.exploit-db.com/exploits/15240/
² http://www.anatoliasecurity.com/exploits/collabtive-csrf-xploit.txt