Online-Bookmarks: Multiple vulnerabilities — GLSA 200901-08

Multiple vulnerabilities have been reported in Online-Bookmarks.

Affected Packages

www-apps/online-bookmarks on all architectures
Affected versions < 0.6.28
Unaffected versions >= 0.6.28

Background

Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links.

Description

The following vulnerabilities were reported:

  • Authentication bypass when directly requesting certain pages (CVE-2004-2155).
  • Insufficient input validation in the login function in auth.inc (CVE-2006-6358).
  • Unspecified cross-site scripting vulnerability (CVE-2006-6359).

Impact

A remote attacker could exploit these vulnerabilities to bypass authentication mechanisms, execute arbitrary SQL statements or inject arbitrary web scripts.

Workaround

There is no known workaround at this time.

Resolution

All Online-Bookmarks users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28"

References

Release Date
January 12, 2009

Latest Revision
January 12, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries