Message-ID: <Pine.GSO.4.64.1103021752050.24409@faron.mitre.org>
Date: Wed, 2 Mar 2011 17:55:17 -0500 (EST)
From: "Steven M. Christey" <coley@...-smtp.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: simple machines forum before 1.1.13


On Wed, 23 Feb 2011, Josh Bressers wrote:

> ----- Original Message -----
>> http://www.simplemachines.org/community/index.php?P=2fd5266e000b83407b05d142bd006d4a&topic=421547.0
>>
>> No useful info on the kind of vulnerability, just states "Several
>> security-related fixes"
>>
>
> Steve,
>
> Can MITRE take this one?

I almost gave this a single CVE for "multiple unspecified" but there's a 
readable patch file that gives more hints:
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip


Reversing the patches suggests the following (assuming that ONLY security 
patches are included in the ZIP, as stated in the initial post).


CVE-2011-1127 - guest access to SSI.php

CVE-2011-1128 - "brute force" on Load.php

CVE-2011-1129 - ManageNews.php, probably XSS

CVE-2011-1130 - improper input validation for a number in
   $_REQUEST['start'] in QueryString.php, and also $start variable in
   Subs.php

CVE-2011-1131 - unspecified query issues in Search.php, related to 
$createTemporary variable.


- Steve
