Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 2 Mar 2011 18:05:45 -0500 (EST)
From: "Steven M. Christey" <coley@...-smtp.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd


On Mon, 21 Feb 2011, Moritz Muehlenhoff wrote:

> 1. FreeBSD kernel: local DoS
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613312
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611476
> http://www.exploit-db.com/exploits/16064/
> http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/debian/patches/000_tcp_usrreq.diff

Use CVE-2011-1132

> 2. Xinha: Multiple vulnerabilities
> (The code is included in a few web apps, e.g. serendipity, openacs or dotlrn)
> http://secunia.com/advisories/40669/

CVE-2011-1133 - XSS in mode param to 
plugins/ExtendedFileManager/backend.php (David Vieira-Kurz)

CVE-2011-1134 - file upload

CVE-2011-1135 - XSS at end of URL to 
plugins/ExtendedFileManager/manager.php and 
plugins/ImageManager/manager.php (Riss McRee)


> 3. tesseract: Insecure temp file handling
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612032

CVE-2011-1136

> 4. proftpd mod_sftp integer overflow
> http://bugs.proftpd.org/show_bug.cgi?id=3586
> http://www.exploit-db.com/exploits/16129/

CVE-2011-1137


- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.