Date: Tue, 7 Dec 2010 15:18:31 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests: IO::Socket::SSL, cakephp,
 collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo

This is a great request, thanks. It's quite large but you gave me enough
info that it's not killed me to figure it out.

Steve, I have a request for MITRE to handle at the bottom.

Thanks.

----- "Raphael Geissert" <geissert@...ian.org> wrote:

> 
> IO::Socket::SSL: unexpected fallback to VERIFY_NONE if certificate file(s)
> are not specified.
> http://bugs.debian.org/606058
> http://secunia.com/advisories/42508/

CVE-2010-4334


> 
> cakephp: code execution via unserialize() call with untrusted data
> http://malloc.im/CakePHP-unserialize.txt
> https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
> http://secunia.com/advisories/42211/

CVE-2010-4335


> 
> collectd: DoS via the RRDtool and RRDCacheD plugins
> http://bugs.debian.org/605092
> http://secunia.com/advisories/42393/

CVE-2010-4336


> 
> gnash: insecure handling of temp files at build-time
> http://bugs.debian.org/605419
> http://secunia.com/advisories/42416/

CVE-2010-4337


> 
> ocrodjvu: insecure handling of temp files
> http://bugs.debian.org/598134

CVE-2010-4338


> 
> hypermail: XSS
> http://bugs.debian.org/598743

CVE-2010-4339


> 
> libcloud: "doesn't verify ssl certificate"
> It appears that what it doesn't verify is the certificate's CN. From the
> references provided in the Debian bug report it looks like it is a
> widespread issue on the SSL implementations in Python.
> Not sure how MITRE would like to handle those.
> 
> http://bugs.debian.org/598463
> https://github.com/tjfontaine/linode-python/issues/issue/1#issue/1

MITRE weighed in on this. Python *should* get the ID, but each fixed app
also gets one.
CVE-2010-4340



Steve, can MITRE take the one below? It's quite large and I don't have time
to do it right now. Thanks.

> piwigo:
> a1) CSRF
> a2) SQL injection
> a3) stored XSS
> http://secunia.com/advisories/41365/
> http://piwigo.org/releases/2.1.3
> http://www.exploit-db.com/exploits/14973/
> (the issues mentioned by the exploit-db entry appear to be the same that
> were fixed in 2.1.3)
> b) search.php SQL injection
> http://secunia.com/advisories/38305/
> http://piwigo.org/releases/2.0.8
> c) CSRF in the admin panel:
> http://secunia.com/advisories/37681/
> http://www.exploit-db.com/exploits/10417
> (the exploit-db entry details two other issues, but are "admin-only" --
> feel free to assign or ignore those.)
> 
