Ticket #3903 (closed defect: fixed)

Opened 2 years ago

Last modified 23 months ago

Security Vulnerabilities - Possible SQL Injection using OGC filter encoding

Reported by: assefa Owned by: assefa
Priority: normal Milestone: 6.0.1 release
Component: Security/Vulnerability (Public) Version: unspecified
Severity: normal Keywords:
Cc: dmorissette, sdlime, jmckenna, aboudreault

Description (last modified by dmorissette) (diff)

This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support.

Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR.

All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are ** strongly encouraged ** to upgrade to one of the latest releases with the fixes.

Attachments

ticket3903_6.0.x.patch Download (24.5 KB) - added by dmorissette 23 months ago.
Patch against 6.0.x branch
ticket3903_5.6.x.patch Download (37.2 KB) - added by dmorissette 23 months ago.
Patch against 5.6.x branch
ticket3903_5.4.x.patch Download (37.0 KB) - added by dmorissette 23 months ago.
Patch against 5.4.x branch
ticket3903_5.2.x.patch Download (36.9 KB) - added by dmorissette 23 months ago.
Patch against 5.2.x branch
ticket3903_5.0.x.patch Download (36.4 KB) - added by dmorissette 23 months ago.
Patch against 5.0.x branch
ticket3903_4.10.x.patch Download (36.4 KB) - added by dmorissette 23 months ago.
Patch agaisnt 4.10.x branch

Change History

Changed 2 years ago by dmorissette

  • cc dmorissette added
  • description modified (diff)
  • milestone set to 6.0.1 release

Changed 23 months ago by dmorissette

  • cc sdlime, jmckenna, aboudreault added
  • component changed from WFS Server to Security/Vulnerability (Private)
  • description modified (diff)
  • summary changed from Possible SQL Injection using filter encding to Security Vulnerabilities - Possible SQL Injection using OGC filter encoding

Changed 23 months ago by assefa

commits: trunk is r11898 6.0 branch is r11890 5.6 branch is r11891 5.4 branch is r11892 5.2 branch is r11893 5.0 branch is r11894 4.10 branch is r11897

Changed 23 months ago by dmorissette

Note: the revisions above also contain fixes for potentially exploitable buffer overflows in OGC Filter Encoding support.

Versions 4.10 to 5.6 were potentially vulnerable and have been fixed. 6.0.0 already contained fixes for those problems.

Changed 23 months ago by dmorissette

Committed r11910 in SVN branch-6-0 (v6.0.1) and r11913 in SVN trunk to add missing #ifdef USE_POSTGIS in msPostGISEscapeSQLParam() to allow building without postgis support.

Changed 23 months ago by assefa

missed postgis function in patches 5.6 (r11914), 5.4 (r11916), 5.2 (r11921), 5.0 (r11922), 4.10 (r11915)

Changed 23 months ago by dmorissette

  • status changed from new to closed
  • resolution set to fixed
  • component changed from Security/Vulnerability (Private) to Security/Vulnerability (Public)

Changed 23 months ago by dmorissette

Fixes released in MapServer 6.0.1, 5.6.7 and 4.10.7:

 http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html

Changed 23 months ago by dmorissette

Patch against 6.0.x branch

Changed 23 months ago by dmorissette

Patch against 5.6.x branch

Changed 23 months ago by dmorissette

Patch against 5.4.x branch

Changed 23 months ago by dmorissette

Patch against 5.2.x branch

Changed 23 months ago by dmorissette

Patch against 5.0.x branch

Changed 23 months ago by dmorissette

Patch agaisnt 4.10.x branch

Note: See TracTickets for help on using tickets.