Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 05 Feb 2016 15:32:29 -0500
From: anarcat <anarcat@...ngeseeds.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression

So from what I understand, this issue is only related to the *sample*
code in php-openid, correct?

You also report that this code is in "use verbatim" in "the vast
majority of sites", yet looking at the Debian code base, the only
samples of that code I could find are in php-openid itself and the SAML
library:

https://codesearch.debian.net/search?perpkg=1&q=getTrustRoot

(jglobus seems to be a false positive there)

I have reviewed the usage of the openid.realm field in the Debian source
code and, in general, it doesn't seem to use the `Host:` header:

https://codesearch.debian.net/search?perpkg=1&q=openid.realm

Furthermore, I am not sure the attack works even on the theoritical
level: how would the user reach the proper website if the Host header is
changed?

A.
-- 
Never attribute to malice that which can be adequately explained by
stupidity, but don't rule out malice.
                         - Albert Einstein

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ