Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Jun 2010 12:45:27 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Florian Streibelt <gentoo@...treibelt.de>,
        Mads Martin Joergensen <mmj@....dk>,
        "Morten K. Poulsen" <morten@...elingp.dk>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Michael Fleming <mfleming+rpm@...tfleminggent.com>
Subject: Re: CVE Request -- mlmmj -- Directory traversal flaw
 by editing and saving list entries via php-admin web interface

----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:

> Hi Steve, vendors,
> 
>    Florian Streibelt (yet in 2009) reported:
>    [1] http://bugs.gentoo.org/show_bug.cgi?id=259968#c0
> 
>    a directory traversal flaw in the way mlmmj (Mailing List Managing
>    Made Joyful), mailing list manager, processed users requests to edit
>    and save list entries, originating from php-admin web interface. A
>    remote, authenticated attacker could use these flaws to alter
>    integrity of the system (write and / or delete arbitrary files) by
>    providing a specially-crafted list variable content to the edit or
>    save request.
> 
>    Florian, please correct me, if I mangled the attack scenario, and it's
>    slightly different.
> 
>    Martin, Morten, are these two issues known upstream yet? Is there a
>    patch for them already?
> 
>    Steve, could you please allocate two CVE-2009-XXXX CVE ids?  (One for
>    1, 'edit' case, second for 2, 'save' case.) [Searching "Master Copy of
>    CVE" for "mlmmj" keyword returned nothing for me.]
> 

This should only need one ID. The flaw is unchecked input. Steve, if I'
mistaken, just yell.

CVE-2009-4896

Thanks

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ