Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jan 2014 11:46:14 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet
 <= 2.2

On Sat, Jan 18, 2014 at 02:43:23PM +1300, Matthew Daley wrote:
> Hi,
> 
> I'd like to request CVE IDs for these 2 issues. They were found in
> software from the Tntnet Project (www.tntnet.org), which develop
> Tntnet, an open-source web server for C++ web applications.
> 
> This is the first such request and the issues are (now) public; this
> message serves as an advisory as well.
> 
> 
> * Issue #1
> 
> Affected software: cxxtools
> Description: By sending a crafted HTTP query parameter containing two
> percent signs in a row, URL parsing would enter an infinite recursive
> loop, leading to a crash. This allows a remote attacker to DOS the
> server.
> Affected versions: current releases (<= 2.2)
> Fixed in version: 2.2.1
> Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3
> Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown
> Reported by: Julian Wiesener
> 
> 
> * Issue #2
> 
> Affected software: Tntnet
> Description: By sending a crafted HTTP request that uses "\n" to end
> its headers instead of the expected "\r\n", it is possible that
> headers from a previous unrelated request will seemingly be appended
> to the crafted request (due to a missing null termination). This
> allows a remote attacker to use sensitive headers from other users'
> requests in their own requests, such as cookies or HTTP authentication
> credentials.
> Affected versions: current releases  (<= 2.2)
> Fixed in version: 2.2.1
> Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525
> and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4
> Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown
> Reported by: Matthew Daley
> 
> Please let me know if you need any further information.
> 
> Thanks,
> 
> - Matthew Daley

Just a small note for assigner. These were fixed last year so should get 2013
CVE IDs if I'm correct.

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ