Date: Mon, 3 Nov 2008 19:46:54 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security <oss-security@...ts.openwall.com> cc: coley@...re.org Subject: Re: CVE-2008-4796: snoopy triage Updated, original oss-security post will be added later. Note that we don't track every single product (imagine how many pages a zlib issue would take up!) - Steve ====================================================== Name: CVE-2008-4796 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=879959 Reference: JVN:JVN#20502807 Reference: URL:http://jvn.jp/en/jp/JVN20502807/index.html Reference: JVNDB:JVNDB-2008-000074 Reference: URL:http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html Reference: FRSIRT:ADV-2008-2901 Reference: URL:http://www.frsirt.com/english/advisories/2008/2901 Reference: SECUNIA:32361 Reference: URL:http://secunia.com/advisories/32361 The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.