Date: Thu, 27 Feb 2014 08:07:21 -0500 (EST)
From: cve-assign@...re.org
To: d.cauquil@...dream.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities

> We found two vulnerabilities in PLOGGER version 1.0RC1, including:


> 1. Authenticated Arbitrary file upload vulnerability affecting PLOGGER
> version 1.0RC1
> 
> This vulnerability allows an authenticated user to upload an arbitrary
> PHP file on the remote web server in an accessible path, by sending a
> specifically crafted zip file.

> session.post('http://' + HOST + "/plog-admin/plog-upload.php",

> ## Add true image file to block the race condition (mandatory not
> null)

Use CVE-2014-2223.

Can you explain the race condition? For example: without the true
image file, would the product extract the .php file but then delete it
very soon afterward?



> 2. CAPTCHA bypass vulnerability
> 
> A theme called "Lucid" provided in PLOGGER version 1.0RC1 implements a
> weak CAPTCHA prone to a replay attack. By abusing this vulnerability,
> an unauthenticated user may be able to post a huge number of comments.

> The script generating the CAPTCHA image inserts a code in the current
> user session, but this value is not unset while processing the form,
> thus allowing an attacker to submit multiple times the form with
> always the same captcha and associated code.

> The vulnerable code is located in plog-comment.php, line 106.

Use CVE-2014-2224.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
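
The replay condition described in item 2, as an added example that is not part of the original message and is not Plogger's code: a session-backed CAPTCHA check that leaves the code in the session, beside one that consumes it on every attempt. The `captcha` session key, the function names and the sample code value are assumptions made for illustration.

```php
<?php
// Added example: constructed model of a session-backed CAPTCHA check.
// The 'captcha' key and all function names are hypothetical, not Plogger's.

// Flawed pattern described in the report: the expected code stays in the
// session after the form is processed, so one solved CAPTCHA can be replayed.
function verify_captcha_reusable(array &$session, string $answer): bool
{
    return isset($session['captcha'])
        && hash_equals($session['captcha'], $answer);
}

// Hardened pattern: the stored code is consumed on every attempt, right or
// wrong, so each submission needs a freshly generated challenge.
function verify_captcha_single_use(array &$session, string $answer): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);          // invalidate before comparing
    if (!is_string($expected) || $expected === '') {
        return false;                    // no outstanding challenge
    }
    return hash_equals($expected, $answer);
}

// Constructed sample: one challenge is issued, then the same answer is
// submitted repeatedly without requesting a new CAPTCHA image.
function count_accepted(callable $verify, int $submissions): int
{
    $session = ['captcha' => 'k7Qm2x'];  // stands in for $_SESSION
    $accepted = 0;
    for ($i = 0; $i < $submissions; $i++) {
        if ($verify($session, 'k7Qm2x')) {
            $accepted++;
        }
    }
    return $accepted;
}

printf("reusable code:   %d of 3 accepted\n",
    count_accepted('verify_captcha_reusable', 3));
printf("single-use code: %d of 3 accepted\n",
    count_accepted('verify_captcha_single_use', 3));
```

Clearing the stored code before the comparison, rather than only on success, also stops repeated guessing against a single issued challenge.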
