Date: Thu, 11 Sep 2014 03:28:47 -0400 (EDT) From: cve-assign@...re.org To: henri@...v.fi Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: TYPO3 extensions -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TYPO3-EXT-SA-2014-006 powermail Captcha Bypass CVE-2014-6288 TYPO3-EXT-SA-2014-005 same Ajax dispatcher in pt_extbase and yag Access Bypass CVE-2014-6289 TYPO3-EXT-SA-2014-003 tt_news Insecure Unserialize CVE-2014-6290 TYPO3-EXT-SA-2014-002 alpha_sitemap Cross-Site Scripting CVE-2014-6291 femanager Privilege Escalation CVE-2014-6292 ke_stats SQL Injection CVE-2014-6293 outstats Cross-Site Scripting CVE-2014-6294 > Problem Description: The extension smarty bundles the template engine smarty. > Old versions of this library are known to be vulnerable to arbitrary php file > include via template source file. We're not sure whether a CVE request was intended for this. Here, the wording "via template source file" would typically mean an attack vector, but maybe what is meant is that a template source file is the vulnerable file. If the scenario were something like "the extension enables an attack by accepting template source files from untrusted parties in a way that is unintended by Smarty," then the extension could be considered the primary affected product and could have its own CVE ID for this issue. If this Problem Description text is intended to mean that Smarty is the primary affected product, then a CVE for the previously known issue in Smarty might already exist. If anyone knows the best reference for "Old versions of this library are known to be vulnerable," that could help resolve the question. wec_map SQL Injection CVE-2014-6295 wec_map Cross-Site Scripting CVE-2014-6296 TYPO3-EXT-SA-2014-001 mm_forum Cross-Site Scripting CVE-2014-6297 upload arbitrary files ... Code Execution by uploading PHP files CVE-2014-6298 CSRF CVE-2014-6299 > One CVE might be enough as per same reporters and fixed in version. We typically cannot combine the different flaw types into one CVE. We could combine them into one CVE if CSRF were the single root cause of all of the issues, but nobody has reported that here, and it seems relatively unlikely. > Can I get 2013 CVE for TYPO3-EXT-SA-2013-014 > direct_mail exposes user data including the original authentication code CVE-2013-7400 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUEU6+AAoJEKllVAevmvmsWT8H/jpM07K0kv8DX/LiVleIWagI zm4vq8G9QHzOqUwiD88yTtqhNgOkfifuudWpKLQ9Af4HHhGKZzKaSS/UWdxkDjId Ymfca2z7Ug6OSI2rujGUShga1pHhzyuKXvWuj0HzjWbI+AQ37lFxoNkIPJ8UTKIZ lOask4pVXxldhs7gFUIu5H4g0CvI9KQR9P+AnEC8cjlOJOh96CwFTD0OIkz2teVT i9ZP9GS+40lr1Jx3iENAdZIH1XbgCciNWG5hkMFj/2ytAs31mHR8Tr2ZY/IzvEi+ f89BTObrb9o+ecfHnfrsnlPU/9pZ6rUFe+HIPPfHnVHl4/BRjoeGPeJ7hdj75Ns= =1pSZ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ