SB2012010303 - Multiple vulnerabilities in pfsense

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4197)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

2) Cross-site scripting (CVE-ID: CVE-2011-5047)

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in status_rrd_graph.php in pfSense before 2.0.1 when processing style parameter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html
• http://secunia.com/advisories/46780
• http://www.osvdb.org/77982
• http://www.securityfocus.com/bid/51169
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71969
• https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e
• https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894
• https://www.trustmatta.com/advisories/MATTA-2011-001.txt
• http://blog.pfsense.org/?p=633
• http://www.osvdb.org/77981
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72090