Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F9EEE8B.1010404@redhat.com>
Date: Mon, 30 Apr 2012 13:56:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>,
        Hanno Böck
 <hanno@...eck.de>
Subject: Re: CVE-request: SilverStripe before 2.4.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/30/2012 12:47 AM, Henri Salo wrote:
> Can I get 2011 CVE-identifiers for SilverStripe issues fixed in
> 2.4.4:
> 
> http://www.silverstripe.org/security-releases/
> 
> SQL information disclosure, SQL injection in Translatable
> extension, Cross Site Request Forgery in various CMS interfaces,
> XSS in controller action handling
> 
> Requested originally in http://seclists.org/oss-sec/2011/q1/12 but
> never got assigned. I can collect information about other versions
> too and request missing CVE-identifiers, but that will take some
> time.
> 
> - Henri Salo

Ok went through the list a bit, the latest one already exists,
assigned the 2011's:

========================================

31 January 2012
SilverStripe v2.4.7 - XSS in text transformations on templates and
page title saving in CMS (details)
SilverStripe v2.3.13 - See 2.4.7 (details)
(already assigned) CVE-2012-0976 	Cross-site scripting (XSS)
vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote
authenticated users with Content Authors privileges to inject
arbitrary web script or HTML via the Title parameter. NOTE: some of
these details are obtained from third party information.

========================================

18 October 2011
SilverStripe v2.4.6 - XSS in anchor links, possible SQL injection with
far eastern encodings, possible remote code execution through page
comments (details)
SilverStripe v2.3.12 - See 2.4.6 (details)

CVE-2011-4958 Security: Cross-site scripting on anchor links

CVE-2011-4959 Security: Possible SQL injection for MySQL when using
far east character encodings

CVE-2011-4960 Security: SQL injection in Folder::findOrMake()
parameter (used mostly in author-only CMS through Upload::load())

CVE-2011-4961 Security: Privilege escalation from EDIT_PERMISSIONS to
ADMIN for users access to the CMS (through Member->getCMSFields() and
TreeMultiselectField)

CVE-2011-4962 Security: Potential remote code execution through
serialization of page comment user submissions

========================================

I'll assign the 2010's when I get some more 2010 CVE's.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPnu6LAAoJEBYNRVNeJnmTKHQP/08l9r0+iXd4t3qXt1Nw3IRt
Bwly+oIkAnHRDtklXujsnPuiCL2aYCTH5YpUxdXv+1GJm0sTdMnBFbeQwxZGJw4F
v2GMewANR2j8+IIRY8UoLcVA+sMFMR+ELVnD2QFZZvxUwm7XX8f3T0Iy3WhM9xrP
IQSTNFpptLscAI4vf2/53pUVDWgerYfc8MT1IW8IbOIn5xGEyXLOv1Fa/PFTzw1i
Z0zS2sNe5LUDJzqFgMDcDu0ZufBrulPphYk0JqjD059jjCsEJo6faczc3z+1CJqu
KxZNaJDh+bm5XoQE+Wed9oSjoX1JVRyShliyHwxGBV3o1A170y5Tx3gzVmRWA71n
lZXDRSzI3qeyCytz5hywDLcXTuqukL/hsXBf49OpjahZTLAt7gIavXyD3HFhiuuD
Ctjqm/yDsg1GY9jJiyemxBoowC3mA4FVoGo3Czx3tLFZLiJWVvxwg3UUDthFhcM0
5f4mlo/N8LhQ2nCqNlLc7VMcakL97FgRlK1U9kSFU+Mqv3Rrne3xeqrB6I9Fc9Wl
Jo6+hOu2vet2gDJ/1wEurXmemZN/2Qhpar7ckzhV+h9UxmURMtMXiAAYjUxFxRPl
GJ4ujhI24FQAIkBmDmry5Od3Hpd9ZxmxVBp+GX5vNqGsT7UA7p/LGyKf+nWCNmLY
Akvwi3mOmFNdTCLDajBA
=as6p
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.