Date: Wed, 15 Oct 2008 15:09:29 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: coley@...re.org
Subject: Re: CVE Request


On Fri, 10 Oct 2008, Josh Bressers wrote:

> dovecot: http://bugs.gentoo.org/show_bug.cgi?id=240409

CVE-2008-4577 and CVE-2008-4578, see below.

> graphviz: http://bugs.gentoo.org/show_bug.cgi?id=240636

CVE-2008-4555 (I assigned it but forgot to answer oss-security)

> fence: http://bugs.gentoo.org/show_bug.cgi?id=240576

CVE-2008-4579 for this bug, CVE-2008-4580 for Tomas' followup, see below.

- Steve


======================================================
Name: CVE-2008-4555
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
Reference: BUGTRAQ:20081008 Advisory: Graphviz Buffer Overflow Code Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/497150/100/0/threaded
Reference: MISC:http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=240636
Reference: BID:31648
Reference: URL:http://www.securityfocus.com/bid/31648
Reference: SECUNIA:32186
Reference: URL:http://secunia.com/advisories/32186

Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier
versions, allows user-assisted remote attackers to cause a denial of
service (memory corruption) or execute arbitrary code via a DOT file
with a large number of Agraph_t elements.


======================================================
Name: CVE-2008-4577
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
Reference: MLIST:[Dovecot-news] 20081005 v1.1.4 released
Reference: URL:http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=240409
Reference: BID:31587
Reference: URL:http://www.securityfocus.com/bid/31587
Reference: FRSIRT:ADV-2008-2745
Reference: URL:http://www.frsirt.com/english/advisories/2008/2745
Reference: SECUNIA:32164
Reference: URL:http://secunia.com/advisories/32164

The ACL plugin in Dovecot before 1.1.4 treats negative access rights
as if they are positive access rights, which allows attackers to
bypass intended access restrictions.


======================================================
Name: CVE-2008-4578
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
Reference: MLIST:[Dovecot-news] 20081005 v1.1.4 released
Reference: URL:http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=240409
Reference: BID:31587
Reference: URL:http://www.securityfocus.com/bid/31587
Reference: FRSIRT:ADV-2008-2745
Reference: URL:http://www.frsirt.com/english/advisories/2008/2745
Reference: SECUNIA:32164
Reference: URL:http://secunia.com/advisories/32164

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass
intended access restrictions by using the "k" right to create
unauthorized "parent/child/child" mailboxes.


======================================================
Name: CVE-2008-4579
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579
Reference: MISC:http://bugs.gentoo.org/show_bug.cgi?id=240576
Reference: MLIST:[oss-security] 20081013 Re: CVE Request
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/13/3

The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a)
fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode,
allow local users to append to arbitrary files via a symlink attack
on the apclog temporary file.


======================================================
Name: CVE-2008-4580
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4580
Reference: MLIST:[oss-security] 20081013 Re: CVE Request
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/13/3

fence_manual in fence allows local users to modify arbitrary files via
a symlink attack on the fence_manual.fifo temporary file.
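
Added example, not part of the original message and not code from the fence project: the append-to-log pattern behind the CVE-2008-4579 class of bug, shown next to a hardened open that refuses symlinks and checks the object it actually opened. Only the `apclog` name comes from the description above; the temporary directory, the `important.conf` file and all function names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def naive_append(path, line):
    # Vulnerable pattern: open() follows a symlink planted at a predictable name.
    with open(path, "a") as fh:
        fh.write(line)


def safe_append(path, line):
    # O_NOFOLLOW rejects a symlink as the final component; O_NONBLOCK avoids hanging on a FIFO.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW | os.O_NONBLOCK
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)  # check the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise PermissionError("refusing unexpected file object: " + path)
        os.write(fd, line.encode())
    finally:
        os.close(fd)


def demo():
    # Constructed scenario: workdir stands in for a shared temporary directory.
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "important.conf")  # hypothetical victim file
        log = os.path.join(workdir, "apclog")
        with open(target, "w") as fh:
            fh.write("original\n")
        os.symlink(target, log)  # link already in place when the tool starts
        naive_append(log, "verbose output\n")
        with open(target) as fh:
            naive_corrupted = fh.read() == "original\nverbose output\n"
        try:
            safe_append(log, "verbose output\n")
            refused = False
        except OSError:
            refused = True
        os.unlink(log)
        safe_append(log, "verbose output\n")  # ordinary case still works
        with open(log) as fh:
            normal_ok = fh.read() == "verbose output\n"
    return naive_corrupted, refused, normal_ok


if __name__ == "__main__":
    print(demo())
```

Writing the log under a directory that only the tool's user can write to removes the predictable-name problem entirely; the flag and `fstat` checks are the fallback when a shared directory cannot be avoided.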

