Date: Tue, 16 Dec 2008 20:31:51 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: coley@...re.org Subject: Re: Re: CVE Request - roundcubemail On Sat, 13 Dec 2008, Florian Weimer wrote: > * Ingrid wrote: > > > Therefore, I agree with Raphael that the issue has not been found yet. The general issue of /e in preg_replace is covered by CWE-624 Executable Regular Expression Error (http://cwe.mitre.org/data/definitions/624.html) which has a couple other CVE examples. I bet there's a chunk of these in various applications. I believe Perl has similar functionality. Use CVE-2008-5619 for the issue. Note there's a separate DoS issue, CVE-2008-5620. - Steve ====================================================== Name: CVE-2008-5619 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 Reference: MISC:http://trac.roundcube.net/ticket/1485618 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=898542 Reference: CONFIRM:http://trac.roundcube.net/changeset/2148 Reference: FEDORA:FEDORA-2008-11220 Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html Reference: FEDORA:FEDORA-2008-11234 Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html Reference: MLIST:[oss-security] 20081212 CVE Request - roundcubemail Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/12/1 Reference: SECUNIA:33170 Reference: URL:http://secunia.com/advisories/33170 html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. ====================================================== Name: CVE-2008-5620 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5620 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=898542 RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.