Date: Fri, 23 May 2014 12:50:25 -0400 (EDT)
Subject: Re: CVE request: Pyplate multiple vulnerabilities



> Installation instruction tells user to execute following commands without
> checking any checksums or similar:
>> wget
>> chmod +x ./
>> sudo ./

This type of issue is probably outside the scope of CVE. A set of
installation commands only implies that an installation can be done
that way, not that an installation should be done that way. There's no
commonly recognized requirement for a vendor to try to document the
types of pre-installation audits that might be important at customer
sites. Of course, the issue is worth pointing out because the vendor
may want to add functionality for download verification, etc.

> File /usr/lib/cgi-bin/ creates passwd.db for admin user
> password with world readable permissions.
> -rw-r--r-- 1 www-data www-data 99 May 13 20:45 /usr/share/pyplate/passwd.db

Use CVE-2014-3851.

> Application is not using HttpOnly ... flag in cookie "id".

Use CVE-2014-3852.

> Application is not using ... Secure ... flag in cookie "id".

Use CVE-2014-3853.

> CSRF + XSS with cookie stealing PoC:
> action="" method="POST"
> name="title" value="[XSS]"

Use CVE-2014-3854 for this CSRF vulnerability. The XSS could be
independently relevant (with a separate CVE ID) if it can be used for
privilege escalation by someone posting JavaScript intentionally using
admin/. We didn't immediately notice anything at suggesting that there would be multiple
user accounts, with different privilege levels, who have legitimate
access to admin/.

> payload = {'filename': '../../../../etc/passwd'}
> r ='',
> data=payload)

Use CVE-2014-3855.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]
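The three fixable defects above (the world-readable passwd.db, the cookie missing HttpOnly and Secure, and the `../../../../etc/passwd` filename) have straightforward defensive counterparts. The following is an added example, not Pyplate's code: the names is_confined, create_private_file, session_cookie and demo are hypothetical, and the password-file content is constructed.

```python
import os
import stat
import tempfile


def is_confined(base_dir: str, user_filename: str) -> bool:
    """True if user_filename, resolved relative to base_dir, stays inside it.

    Resolves symlinks and '..' components before comparing, so the
    '../../../../etc/passwd' payload quoted in the report is rejected.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_filename))
    return os.path.commonpath([base, candidate]) == base


def create_private_file(path: str, data: bytes) -> int:
    """Create a file with mode 0600 (owner only) and return its actual mode.

    Passing the mode to os.open avoids the window in which the file exists
    with the default world-readable mode before a later chmod.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def session_cookie(name: str, value: str) -> str:
    """Set-Cookie value carrying both flags the report found missing."""
    return "%s=%s; Path=/; HttpOnly; Secure" % (name, value)


def demo() -> dict:
    """Run the three checks in a scratch directory with constructed data."""
    scratch = tempfile.mkdtemp()
    mode = create_private_file(os.path.join(scratch, "passwd.db"),
                               b"admin:constructed-hash\n")  # constructed
    return {
        "traversal_rejected": not is_confined(scratch, "../../../../etc/passwd"),
        "plain_name_allowed": is_confined(scratch, "index.html"),
        "group_other_bits": mode & 0o077,
        "cookie": session_cookie("id", "constructed-session-id"),
    }


if __name__ == "__main__":
    print(demo())
```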

