Date: Wed, 23 Jun 2010 18:35:12 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>,
Michael Fleming <mfleming+rpm@...tfleminggent.com>
CC: oss-security <oss-security@...ts.openwall.com>,
Florian Streibelt <gentoo@...treibelt.de>,
Mads Martin Joergensen <mmj@....dk>,
"Morten K. Poulsen" <morten@...elingp.dk>
Subject: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface
Hi Steve, vendors,
Florian Streibelt (yet in 2009) reported:
[1] http://bugs.gentoo.org/show_bug.cgi?id=259968#c0
a directory traversal flaw in the way mlmmj (Mailing List Managing Made
Joyful), a mailing list manager, processed users' requests to edit and save
list entries originating from the php-admin web interface. A remote,
authenticated attacker could use these flaws to alter the integrity of the system
(write and / or delete arbitrary files) by providing specially-crafted list
variable content to the edit or save request.
Florian, please correct me if I mangled the attack scenario and it's slightly
different.
Martin, Morten, are these two issues known upstream yet? Is there a patch for them already?
Steve, could you please allocate two CVE-2009-XXXX CVE ids?
(One for 1, 'edit' case, second for 2, 'save' case.) [Searching "Master Copy of CVE" for "mlmmj"
keyword returned nothing for me.]
References:
[2] http://bugs.gentoo.org/show_bug.cgi?id=259968
[3] https://bugzilla.redhat.com/show_bug.cgi?id=607256
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
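As an added example that is not part of this message or of mlmmj's own code: a defensive check, written in Python rather than mlmmj's PHP, for the kind of user-supplied list and variable names the edit/save handlers described above consume. The layout `<lists_root>/<listname>/control/<varname>` and every function name here are assumptions, not mlmmj's real interface.

```python
# Added example (not mlmmj's code): validate user-controlled path components
# before an admin web handler reads or writes a per-list control file.
import os
import re

# Allowlist: list and control-file names are assumed to be simple lowercase
# tokens, so separators, dots and anything unexpected are rejected up front.
_SAFE_NAME = re.compile(r"^[a-z][a-z0-9_-]{0,63}$")


def resolve_list_var_path(lists_root: str, listname: str, varname: str) -> str:
    """Return <lists_root>/<listname>/control/<varname> (assumed layout), or
    raise ValueError if either user-controlled component could leave lists_root."""
    for component in (listname, varname):
        if not _SAFE_NAME.match(component):
            raise ValueError(f"rejected unsafe name: {component!r}")
    root = os.path.realpath(lists_root)
    candidate = os.path.realpath(os.path.join(root, listname, "control", varname))
    # Second line of defence: even if the allowlist were later loosened, the
    # resolved path (symlinks included) must still sit inside the lists root.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes lists root")
    return candidate


def is_safe_list_var(lists_root: str, listname: str, varname: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        resolve_list_var_path(lists_root, listname, varname)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed demo inputs: one benign request and two traversal attempts.
    root = "/var/spool/mlmmj"  # assumed root; it does not need to exist
    print(is_safe_list_var(root, "announce", "moderators"))        # True
    print(is_safe_list_var(root, "announce", "../../etc/passwd"))  # False
    print(is_safe_list_var(root, "../..", "moderators"))           # False
```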