Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 11 Sep 2014 03:28:47 -0400 (EDT)
From: cve-assign@...re.org
To: henri@...v.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: TYPO3 extensions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TYPO3-EXT-SA-2014-006
powermail
Captcha Bypass
CVE-2014-6288


TYPO3-EXT-SA-2014-005
same Ajax dispatcher in pt_extbase and yag
Access Bypass
CVE-2014-6289


TYPO3-EXT-SA-2014-003
tt_news
Insecure Unserialize
CVE-2014-6290


TYPO3-EXT-SA-2014-002
alpha_sitemap Cross-Site Scripting  CVE-2014-6291
femanager Privilege Escalation      CVE-2014-6292
ke_stats SQL Injection              CVE-2014-6293
outstats Cross-Site Scripting       CVE-2014-6294

> Problem Description: The extension smarty bundles the template engine smarty.
> Old versions of this library are known to be vulnerable to arbitrary php file
> include via template source file.

We're not sure whether a CVE request was intended for this. Here, the
wording "via template source file" would typically mean an attack
vector, but maybe what is meant is that a template source file is the
vulnerable file. If the scenario were something like "the extension
enables an attack by accepting template source files from untrusted
parties in a way that is unintended by Smarty," then the extension
could be considered the primary affected product and could have its
own CVE ID for this issue. If this Problem Description text is
intended to mean that Smarty is the primary affected product, then a
CVE for the previously known issue in Smarty might already exist. If
anyone knows the best reference for "Old versions of this library are
known to be vulnerable," that could help resolve the question.

wec_map SQL Injection               CVE-2014-6295
wec_map Cross-Site Scripting        CVE-2014-6296


TYPO3-EXT-SA-2014-001
mm_forum
Cross-Site Scripting CVE-2014-6297
upload arbitrary files ... Code Execution by uploading PHP files CVE-2014-6298
CSRF CVE-2014-6299

> One CVE might be enough as per same reporters and fixed in version.

We typically cannot combine the different flaw types into one CVE. We
could combine them into one CVE if CSRF were the single root cause of
all of the issues, but nobody has reported that here, and it seems
relatively unlikely.


> Can I get 2013 CVE for TYPO3-EXT-SA-2013-014
> direct_mail exposes user data including the original authentication code

CVE-2013-7400

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUEU6+AAoJEKllVAevmvmsWT8H/jpM07K0kv8DX/LiVleIWagI
zm4vq8G9QHzOqUwiD88yTtqhNgOkfifuudWpKLQ9Af4HHhGKZzKaSS/UWdxkDjId
Ymfca2z7Ug6OSI2rujGUShga1pHhzyuKXvWuj0HzjWbI+AQ37lFxoNkIPJ8UTKIZ
lOask4pVXxldhs7gFUIu5H4g0CvI9KQR9P+AnEC8cjlOJOh96CwFTD0OIkz2teVT
i9ZP9GS+40lr1Jx3iENAdZIH1XbgCciNWG5hkMFj/2ytAs31mHR8Tr2ZY/IzvEi+
f89BTObrb9o+ecfHnfrsnlPU/9pZ6rUFe+HIPPfHnVHl4/BRjoeGPeJ7hdj75Ns=
=1pSZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ