Since sid is used as a string, here's a cheap way to increase its
complexity by more than 10^7 without increasing its length, simply
by adding mixed-case letters (this is what I've done on systems
where I use the application and it works fine):
--- /usr/share/ajaxterm/ajaxterm.js 2009-02-17 13:40:43.000000000 +0000
+++ ajaxterm.js 2009-05-17 17:49:30.000000000 +0000
@@ -3,7 +3,17 @@
var ie=0;
if(window.ActiveXObject)
ie=1;
- var sid=""+Math.round(Math.random()*1000000000);
+
+ // mitigate CVE-2009-1629
+ var sid_arr = (
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" ).split();
+ var sid_inc = 0;
+ var sid_arr_pos = 0;
+ var sid = "";
+ for (sid_inc = 0 ; sid_inc < 10 ; sid_inc++){
+ sid_arr_pos = RandRange( 0, (sid_arr.length - 1), sid_inc );
+ sid += sid_arr[ sid_arr_pos ];
+ }
+
var query0="s="+sid+"&w="+width+"&h="+height;
var query1=query0+"&c=1&k=";
var buf="";
Further complexity can be added by putting additional safe
characters in sid_arr or increasing the iteration cap in the for
loop (thus extending the length of the string). Hope this helps!
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP([email protected]); IRC([email protected]#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([email protected]);
MUD([email protected]:6669); WWW(http://fungi.yuggoth.org/); }
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
