Date: Sun,  1 Feb 2015 07:51:07 -0500 (EST)
From: cve-assign@...re.org
To: felix@...but.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: RCE, XSS and HTTP header injection in fli4l web interface

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> arbitrary command execution,

> For the "execute arbitrary programs" issues, can you provide specific
> names for the vulnerability types, or any equivalent information?
> The paragraphs about include/cgi-helper and admin/pf.cgi aren't
> sufficient to determine the number of CVE IDs.

The vulnerability-type information was sent to MITRE without a Cc to
oss-security. Perhaps it will be sent here later. include/cgi-helper
and admin/pf.cgi have the same vulnerability type.

Use CVE-2015-1443 for both of these.


> XSS vulnerabilities

Use CVE-2015-1444 for all of these.


> HTTP header injection.

Use CVE-2015-1445.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
