Date: Fri, 25 Jun 2010 12:45:27 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: Florian Streibelt <gentoo@...treibelt.de>, Mads Martin Joergensen <mmj@....dk>, "Morten K. Poulsen" <morten@...elingp.dk>, "Steven M. Christey" <coley@...us.mitre.org>, Michael Fleming <mfleming+rpm@...tfleminggent.com> Subject: Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface ----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote: > Hi Steve, vendors, > > Florian Streibelt (yet in 2009) reported: >  http://bugs.gentoo.org/show_bug.cgi?id=259968#c0 > > a directory traversal flaw in the way mlmmj (Mailing List Managing > Made Joyful), mailing list manager, processed users requests to edit > and save list entries, originating from php-admin web interface. A > remote, authenticated attacker could use these flaws to alter > integrity of the system (write and / or delete arbitrary files) by > providing a specially-crafted list variable content to the edit or > save request. > > Florian, please correct me, if I mangled the attack scenario, and it's > slightly different. > > Martin, Morten, are these two issues known upstream yet? Is there a > patch for them already? > > Steve, could you please allocate two CVE-2009-XXXX CVE ids? (One for > 1, 'edit' case, second for 2, 'save' case.) [Searching "Master Copy of > CVE" for "mlmmj" keyword returned nothing for me.] > This should only need one ID. The flaw is unchecked input. Steve, if I' mistaken, just yell. CVE-2009-4896 Thanks -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ