Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#3903 closed defect (fixed)

Security Vulnerabilities - Possible SQL Injection using OGC filter encoding

Reported by: assefa Owned by: assefa
Priority: normal Milestone: 6.0.1 release
Component: Security/Vulnerability (Public) Version: unspecified
Severity: normal Keywords:
Cc: dmorissette, sdlime, jmckenna, aboudreault

Description (last modified by dmorissette)

This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support.

Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR.

All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are strongly encouraged to upgrade to one of the latest releases with the fixes.

Attachments (6)

ticket3903_6.0.x.patch (24.5 KB ) - added by dmorissette 12 years ago.
Patch against 6.0.x branch
ticket3903_5.6.x.patch (37.2 KB ) - added by dmorissette 12 years ago.
Patch against 5.6.x branch
ticket3903_5.4.x.patch (37.0 KB ) - added by dmorissette 12 years ago.
Patch against 5.4.x branch
ticket3903_5.2.x.patch (36.9 KB ) - added by dmorissette 12 years ago.
Patch against 5.2.x branch
ticket3903_5.0.x.patch (36.4 KB ) - added by dmorissette 12 years ago.
Patch against 5.0.x branch
ticket3903_4.10.x.patch (36.4 KB ) - added by dmorissette 12 years ago.
Patch agaisnt 4.10.x branch

Download all attachments as: .zip

Change History (14)

comment:1 by dmorissette, 12 years ago

Cc: dmorissette added
Description: modified (diff)
Milestone: 6.0.1 release

comment:2 by dmorissette, 12 years ago

Cc: sdlime jmckenna aboudreault added
Component: WFS ServerSecurity/Vulnerability (Private)
Description: modified (diff)
Summary: Possible SQL Injection using filter encdingSecurity Vulnerabilities - Possible SQL Injection using OGC filter encoding

comment:3 by assefa, 12 years ago

commits: trunk is r11898 6.0 branch is r11890 5.6 branch is r11891 5.4 branch is r11892 5.2 branch is r11893 5.0 branch is r11894 4.10 branch is r11897

comment:4 by dmorissette, 12 years ago

Note: the revisions above also contain fixes for potentially exploitable buffer overflows in OGC Filter Encoding support.

Versions 4.10 to 5.6 were potentially vulnerable and have been fixed. 6.0.0 already contained fixes for those problems.

comment:5 by dmorissette, 12 years ago

Committed r11910 in SVN branch-6-0 (v6.0.1) and r11913 in SVN trunk to add missing #ifdef USE_POSTGIS in msPostGISEscapeSQLParam() to allow building without postgis support.

comment:6 by assefa, 12 years ago

missed postgis function in patches 5.6 (r11914), 5.4 (r11916), 5.2 (r11921), 5.0 (r11922), 4.10 (r11915)

comment:7 by dmorissette, 12 years ago

Component: Security/Vulnerability (Private)Security/Vulnerability (Public)
Resolution: fixed
Status: newclosed

by dmorissette, 12 years ago

Attachment: ticket3903_6.0.x.patch added

Patch against 6.0.x branch

by dmorissette, 12 years ago

Attachment: ticket3903_5.6.x.patch added

Patch against 5.6.x branch

by dmorissette, 12 years ago

Attachment: ticket3903_5.4.x.patch added

Patch against 5.4.x branch

by dmorissette, 12 years ago

Attachment: ticket3903_5.2.x.patch added

Patch against 5.2.x branch

by dmorissette, 12 years ago

Attachment: ticket3903_5.0.x.patch added

Patch against 5.0.x branch

by dmorissette, 12 years ago

Attachment: ticket3903_4.10.x.patch added

Patch agaisnt 4.10.x branch

Note: See TracTickets for help on using tickets.