oss-security - Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Thu, 18 Oct 2012 01:45:10 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>, security@...security.org
Subject: Re: CVE request: Fwd: [Full-disclosure] SEC Consult
 SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/17/2012 02:47 AM, Matthias Weckbecker wrote:
> Hi Steve, Kurt, vendors,
> 
> this flaw looks slightly different from the last one and
> apparently has not got a CVE yet.
> 
> ----------  Forwarded Message  ----------
> 
> Subject: [Full-disclosure] SEC Consult SA-20121017-0 ::
> ModSecurity multipart/invalid part ruleset bypass Date: Wednesday
> 17 October 2012 From: SEC Consult Vulnerability Lab 
> <research@...-consult.com> To: full-disclosure@...ts.grok.org.uk, 
> bugtraq@...urityfocus.com
> 
> SEC Consult Vulnerability Lab Security Advisory < 20121017-0 > 
> =======================================================================
>
>
> 
title: ModSecurity multipart/invalid part ruleset bypass
> product: ModSecurity vulnerable version: <= 2.6.8 fixed version: 
> 2.7.0 CVE number: - impact: Depends what you use it for homepage: 
> http://www.modsecurity.org/ found: 2012-10-12 by: Bernhard Mueller
>  SEC Consult Vulnerability Lab https://www.sec-consult.com 
> =======================================================================

Looking
>
> 
through

https://www.modsecurity.org/tracker/secure/ReleaseNote.jspa?projectId=10000&version=10100

Is this https://www.modsecurity.org/tracker/browse/MODSEC-155

I'd like to confirm this before assigning a CVE.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQf7OGAAoJEBYNRVNeJnmTFlgQAJxEfUA7oFo8bb0/iSrb7zy9
k4IgupMfsxmOLy9uv07G5dy7dRNRkOqYtrQxszFfnnsFqTDtE9+BU7QpX3pmyBlp
KYJMTen2A7ygbqr2GSNnh5faCeYty/9gvubTrJ0wmdE8wlwoOqOtZcjkjA0IzRy9
T5WYmwxHkkytPsBVQjrirJc4Q2ehKLUNA6ipC6eyq5b+5qqtS+pHRcJbMbNeHj8P
PSDeWGAgwSVY56o+vb0WjAjaU/o64kv6ZOn8MFb06cb+GCTUbtpJHwRWaBwmNBaf
9vHqUURjkAkB/np5v9PvKGuovBs8MiDjv43Z8Tl2oWLGJlkaWO0ltC0HBD9nkKBV
H+5mSPub3MBrtxXyUXI0lb4Zh4vUtbzDt8O0SVV+6lqAFv18UBX0ksTjzkgK6sIl
987lJr+MiKsVsO7XBZk0OBMQShu9AiZq3ueBwcol99HeY/ICPPZxT+lP/v72rNsc
rMaLOBtgdMj2n0yVvqk4Zg1mshZyWP8NAofFhu2sIbItd/x/csCrwFTjJnrar2pN
2wHJKFjq/ssMXBuFws1M/O4CjRDo2iImB4fIYqS5GxSXRQUephI6eIbgmX/PPQgG
5z550ct/fbSCcNm8uzCjN5YbAKcvHqfDqTqrq4v6bBMJ6ww2eOR8gF9/LYFm7OKb
jTf1myRV1SAMt6UVd0dJ
=XFfO
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.