Date: Wed, 7 Nov 2012 06:43:58 -0500 (EST)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Jan Pokorny <jpokorny@...hat.com>,
        Matthew Wilkes <matthew.wilkes@...ne.org>,
        Plone Security Team <security@...ne.org>,
        Mitre CVE assign department <cve-assign@...re.org>
Subject: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix

Hello Kurt, Steve, vendors,

  Plone upstream has issued the 20121106 HotFix correcting
multiple security issues:
1) http://plone.org/products/plone/security/advisories/20121106/
2) http://plone.org/products/plone/security/advisories/20121106-announcement

Issues recapitulation (from 1) ):
a) Restricted Python injection
b) Reflexive HTTP header injection
c) Restricted Python sandbox escape
d) Restricted Python injection
e) Partial restricted Python sandbox escape
f) Reflexive XSS
g) Partial permissions bypass
h) Restricted Python sandbox escape
i) Reflexive XSS
j) Restricted Python injection
k) DoS through unsanitised inputs into Kupu
l) Anonymous users can list user account names
m) Partial denial of service through Collections functionality
n) Partial denial of service through internal function
o) Anonymous users can batch change titles of content items
p) Crafted URL allows downloading of BLOBs that are not visible to the user
q) Persistent XSS via filtering bypass
r) Users connected through FTP can list hidden folder contents
s) Persistent XSS
t) Attempting to access a view with no name returns an internal data structure
u) DoS through RSS on private folder
v) Timing attack in password validation
w) PRNG isn't reseeded
x) Form detail exposure

=> preliminary 24 CVE ids needed.

Could you allocate CVE ids for these? Please take this post
as an initial heads up for vendors regarding them. In subsequent
posts I will try to provide as many details about these as
possible (so we are able to determine how many of them are in fact
needed).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
