Date: Sat, 18 Jan 2014 22:52:08 +1300
From: Matthew Daley <mattd@...fuzz.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2

On Sat, Jan 18, 2014 at 10:46 PM, Henri Salo <henri@...v.fi> wrote:
> On Sat, Jan 18, 2014 at 02:43:23PM +1300, Matthew Daley wrote:
>> Hi,
>>
>> I'd like to request CVE IDs for these 2 issues. They were found in
>> software from the Tntnet Project (www.tntnet.org), which develops
>> Tntnet, an open-source web server for C++ web applications.
>>
>> This is the first such request and the issues are (now) public; this
>> message serves as an advisory as well.
>>
>>
>> * Issue #1
>>
>> Affected software: cxxtools
>> Description: By sending a crafted HTTP query parameter containing two
>> percent signs in a row, URL parsing would enter an infinite recursive
>> loop, leading to a crash. This allows a remote attacker to DOS the
>> server.
>> Affected versions: current releases (<= 2.2)
>> Fixed in version: 2.2.1
>> Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3
>> Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown
>> Reported by: Julian Wiesener
>>
>>
>> * Issue #2
>>
>> Affected software: Tntnet
>> Description: By sending a crafted HTTP request that uses "\n" to end
>> its headers instead of the expected "\r\n", it is possible that
>> headers from a previous unrelated request will seemingly be appended
>> to the crafted request (due to a missing null termination). This
>> allows a remote attacker to use sensitive headers from other users'
>> requests in their own requests, such as cookies or HTTP authentication
>> credentials.
>> Affected versions: current releases (<= 2.2)
>> Fixed in version: 2.2.1
>> Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525
>> and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4
>> Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown
>> Reported by: Matthew Daley
>>
>> Please let me know if you need any further information.
>>
>> Thanks,
>>
>> - Matthew Daley
>
> Just a small note for the assigner. These were fixed last year so should get 2013
> CVE IDs if I'm correct.

Sorry, I forgot to mention that. Yes, they were both reported and
fixed (in master, at least) in 2013.

- Matthew

>
> ---
> Henri Salo
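
Added example, not part of the original thread and not the cxxtools code or its fix: Issue #1 above describes URL parsing that recursed without bound on two percent signs in a row, and a decoder written as a single forward pass has no recursion to exhaust. The names `Decoded`, `hexValue` and `percentDecode` are hypothetical, and treating `+` as a space and keeping malformed escapes as literal text are assumptions of this sketch.

```cpp
#include <cstddef>
#include <string>

// Hypothetical names throughout; this is not the cxxtools API.
struct Decoded {
    std::string text;       // decoded bytes
    std::size_t malformed;  // '%' not followed by two hex digits
};

// Value of one hex digit, or -1 if c is not a hex digit.
static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Single forward pass: each iteration consumes at least one input byte,
// so the loop ends after at most in.size() steps and never recurses.
Decoded percentDecode(const std::string& in) {
    Decoded d{std::string(), 0};
    d.text.reserve(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) {
        const char c = in[i];
        if (c == '+') {                 // assumption: form-style query encoding
            d.text += ' ';
        } else if (c != '%') {
            d.text += c;
        } else {
            const bool room = i + 2 < in.size();
            const int hi = room ? hexValue(in[i + 1]) : -1;
            const int lo = room ? hexValue(in[i + 2]) : -1;
            if (hi >= 0 && lo >= 0) {
                d.text += static_cast<char>(hi * 16 + lo);
                i += 2;                 // skip the two hex digits
            } else {
                d.text += '%';          // keep literal; the next '%' is examined on its own
                ++d.malformed;
            }
        }
    }
    return d;
}
```

A caller that wants strict behaviour can reject the request whenever `malformed` is non-zero instead of passing the literal text on.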
