Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 16 Dec 2008 20:31:51 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re:  Re: CVE Request - roundcubemail


On Sat, 13 Dec 2008, Florian Weimer wrote:

> * Ingrid wrote:
>
> > Therefore, I agree with Raphael that the issue has not been found yet.

The general issue of /e in preg_replace is covered by CWE-624 Executable
Regular Expression Error (http://cwe.mitre.org/data/definitions/624.html)
which has a couple other CVE examples.

I bet there's a chunk of these in various applications.  I believe Perl
has similar functionality.

Use CVE-2008-5619 for the issue.

Note there's a separate DoS issue, CVE-2008-5620.

- Steve

======================================================
Name: CVE-2008-5619
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619
Reference: MISC:http://trac.roundcube.net/ticket/1485618
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=898542
Reference: CONFIRM:http://trac.roundcube.net/changeset/2148
Reference: FEDORA:FEDORA-2008-11220
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
Reference: FEDORA:FEDORA-2008-11234
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html
Reference: MLIST:[oss-security] 20081212 CVE Request - roundcubemail
Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/12/1
Reference: SECUNIA:33170
Reference: URL:http://secunia.com/advisories/33170

html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and
0.2-3.beta allows remote attackers to execute arbitrary code via
crafted input that is processed by the preg_replace function with the
eval switch.


======================================================
Name: CVE-2008-5620
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5620
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=898542

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote
attackers to cause a denial of service (memory consumption) via
crafted size parameters that are used to create a large quota image.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ