Date: Tue, 17 Jul 2012 21:16:18 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: libjs-swfupload

On 07/17/2012 01:46 PM, Nico Golde wrote:
> Hi,
> * Kurt Seifried <kseifried@...hat.com> [2012-07-17 21:43]:
> [...]
> Thanks for the ids!
> 
>> Please use CVE-2012-3415 for the libjs-swfupload CSRF issue
> 
> This should be plupload in case this has also been noted wrong in
> the CVE id description.
> 
> Cheers Nico
> 

Sorry, got a little bit cutty and pasty instead of typing. Correct:

Please use CVE-2012-3415 for the plupload CSRF issue

Vulnerability #2: CSRF in Plupload

The Plupload applet called Security.allowDomain('*') to allow the
applet to be used from any domain (so it could be served from S3, for
instance). That meant people could interact with the Plupload applet
from any other site on the Internet by embedding it on a page and
using JavaScript. But due to the way the same-origin policy works in
Flash, the applet could still make requests back to the domain on
which it was hosted. In addition, people can specify the full URL for
an upload request via JavaScript, and the result of that request (i.e.
the HTML of the resulting page) is passed back via JavaScript to the
embedding page.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



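The description above boils down to one ActionScript call. The sketch below is an added editorial example, not Plupload's code and not part of the message: it shows the weak wildcard grant beside a version that only admits the hosting domain (allowed by default) plus an explicit allowlist. The flashvar name `allowDomains`, the class name `UploadApplet`, the exported `upload` callback and the JavaScript hook `pluploadDone` are all assumptions made for the illustration.

```actionscript
package {
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.external.ExternalInterface;
    import flash.net.URLLoader;
    import flash.net.URLRequest;
    import flash.net.URLRequestMethod;
    import flash.system.Security;

    // Illustrative upload applet (not Plupload's own source).
    public class UploadApplet extends Sprite {
        private var loader:URLLoader = new URLLoader();

        public function UploadApplet() {
            // Weak setting from the advisory: every page on every site may
            // embed this SWF and drive it through ExternalInterface, while the
            // SWF keeps the Flash same-origin rights of the domain it is
            // served from.
            //
            //   Security.allowDomain("*");

            // Corrected: pages on the hosting domain can script the SWF by
            // default; anything else must be listed explicitly by the site
            // that deploys it (for example the site's own domain when the SWF
            // is served from S3). Assumption: a comma-separated flashvar
            // named "allowDomains" carries that list.
            var extra:String = loaderInfo.parameters["allowDomains"];
            if (extra) {
                for each (var domain:String in extra.split(",")) {
                    domain = domain.replace(/^\s+|\s+$/g, "");
                    // Never let a deployment reintroduce the wildcard.
                    if (domain.length > 0 && domain != "*") {
                        Security.allowDomain(domain);
                    }
                }
            }

            loader.addEventListener(Event.COMPLETE, onComplete);
            // Callback exposed to JavaScript; only the origins admitted above
            // can reach it now (assumed name).
            ExternalInterface.addCallback("upload", upload);
        }

        private function upload(url:String, body:String):void {
            // The request is still made with the SWF's origin, which is why
            // restricting who may call this matters.
            var req:URLRequest = new URLRequest(url);
            req.method = URLRequestMethod.POST;
            req.data = body;
            loader.load(req);
        }

        private function onComplete(e:Event):void {
            // Returning the raw response body to the page is what turned the
            // CSRF into a cross-site read in the advisory; report only a
            // status to the (assumed) JavaScript hook instead.
            ExternalInterface.call("pluploadDone", "ok");
        }
    }
}
```

When the SWF is hosted on a CDN or S3 bucket, the deploying site has to name its own domain in the allowlist; that small cost is the price of no longer letting arbitrary third-party pages drive requests from the applet's origin.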
