Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 19 Mar 2013 08:16:19 -0400
From: larry Cashdollar <larry0@...com>
To: oss-security@...ts.openwall.com
Subject: Fwd: CVE requests

Here is my CVE request I sent to mitre.

Begin forwarded message:

> From: larry Cashdollar <larry0@...com>
> Date: March 16, 2013, 8:40:05 AM AST
> To: "cve-assign@...re.org" <cve-assign@...re.org>
> Subject: Re: CVE requests
> 
> Hi, I've been asked to assign CVEs to the following vulnerabilities.
> 
> http://www.osvdb.org/show/osvdb/91232
> http://www.osvdb.org/show/osvdb/91231
> http://www.osvdb.org/show/osvdb/91230
> 
> Thanks again!
> 
> Larry C$
> 
> On Mar 15, 2013, at 4:01 PM, cve-assign@...re.org wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>>> Sorry I missed one:
>>> 
>>> http://osvdb.org/show/osvdb/90926
>> 
>> Use CVE-2013-2561.
>> 
>> 
>>> I didn't see CVEs for the following issue either:
>>> 
>>> http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt
>> 
>> Use CVE-2013-2562 for the storage of the cleartext MySQL database password in the document root.
>> 
>> Use CVE-2013-2563 for the storage of the admin password hash with unsafe permissions.
>> 
>> Use CVE-2013-2564 for the DoS.
>> 
>> Use CVE-2013-2565 for all of the path disclosure issues.
>> 
>> 
>>> Finally, http://osvdb.org/89910 is about a reportedly fixed
>>> vulnerability in an Oracle product.
>> 
>> Unfortunately, we still have not been able to complete our process for
>> assigning a CVE to this type of an Oracle product vulnerability. We
>> are continuing to pursue this and will let you know.
>> 
>> - -- 
>> CVE assignment team, MITRE CVE Numbering Authority
>> M/S M300
>> 202 Burlington Road, Bedford, MA 01730 USA
>> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (SunOS)
>> 
>> iQEcBAEBAgAGBQJRQ31jAAoJEGvefgSNfHMdwdkH/0vJgMovy8W8ydyZZ6OPo6/O
>> 9wHdQ/oKpa2KTBTyy8ojfoAD/ljAva77pQgNGimI7C02r3RwArbgFiSR7CcUodI7
>> +icKAATYCuX53jbBxrwhbXbYgOwW/1wg9uMFlTuuLz3EUi4MpO/ksDGgIYGCbRu8
>> i+MZRFCZp0p28n0Uu6Fy8Os3KXWsILtxPX+u6Su8xqWVE6yJ2yjuovB0OWXgstfD
>> F3Ca7CUhl5yaBkzdo4hkQded4DuaOXcHqT5ScTmhhf+nrZTrx+Pho4YjkylSJ3dl
>> Fd6MD6aI+GbRDmP1KdQsuGpB2zVW0KeHoy9QDATVNnLLKHX8/EL2n+Dv13HN9LI=
>> =94H1
>> -----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ