Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue,  2 Sep 2014 19:13:18 -0400 (EDT)
From: cve-assign@...re.org
To: nguigo@...cpartners.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, carnil@...ian.org, team@...urity.debian.org, camrdale@...il.com
Subject: Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574
> 
> The XSS that can be triggered by an unauthenticated attacker. A malicious
> torrent file such as the POC attached can be crafted and shared by an
> attacker. Upon starting the download from Torrentflux, some of the file
> contents are pasted without output encoding into a script section,
> triggering the XSS. An alternate vector (authenticated) is for an attacker
> to upload the torrent file to his own account and subsequently share a link
> the torrent's details

Use CVE-2014-6027 (i.e., for both vectors).


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573
> 
> An authenticated attacker on the webapp can access all users' cookies stored
> in the database by iterating the cid (cookie id) in the following fashion:
> 
> /torrentflux/profile.php?op=editCookies&cid=<ITERATOR>
> 
> The function getCookie is implemented at torrentflux/www/functions.php
> L395

Use CVE-2014-6028 for this report about the ability to read cookies.


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573#16
> From: Salvatore Bonaccorso <carnil@...ian.org>
> 
> FTR in the bug: Given that it is also possible to delete or modify
> cookies.

Use CVE-2014-6029 for this report about the ability to delete or
modify cookies. (The nature of the attack is not identical and it was
reported by a different person.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUBk5PAAoJEKllVAevmvmsgtYH/1/JqyAnliUKei7JOKrFelFq
/gkmffgsWLn3YWAbnm0mwqwZO2QWTjIXpqcqf2M6UyGqYTOwqaNwBVxWv+f83exz
tsg6A4dCHGVJQCzaO4SbbzL2i+F6dmo2Tn9GS3u1x7W3BirgDSp+v9z0dswN67aU
Ra5HyJCr2tQUw6PXr63b1Brfgcw20kBtfRb0FI/S4+89R2tbMr+nhrs5W9XVugbp
jb6qCsAi2HHSIpZFucNNSX2KaLiDQyZ9qXKZVMqlRL66osE5nw7LyDmhlU6aO0y9
QsRBU7jj0k1xmlrpXhZWVIX5L4Yp9hkiQPYI3VKd/RAT0JWQd/FVa9Hlg1dj104=
=SLx9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.