Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue,  2 Sep 2014 19:13:18 -0400 (EDT)
From: cve-assign@...re.org
To: nguigo@...cpartners.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, carnil@...ian.org, team@...urity.debian.org, camrdale@...il.com
Subject: Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574
> 
> The XSS that can be triggered by an unauthenticated attacker. A malicious
> torrent file such as the POC attached can be crafted and shared by an
> attacker. Upon starting the download from Torrentflux, some of the file
> contents are pasted without output encoding into a script section,
> triggering the XSS. An alternate vector (authenticated) is for an attacker
> to upload the torrent file to his own account and subsequently share a link
> the torrent's details

Use CVE-2014-6027 (i.e., for both vectors).


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573
> 
> An authenticated attacker on the webapp can access all users' cookies stored
> in the database by iterating the cid (cookie id) in the following fashion:
> 
> /torrentflux/profile.php?op=editCookies&cid=<ITERATOR>
> 
> The function getCookie is implemented at torrentflux/www/functions.php
> L395

Use CVE-2014-6028 for this report about the ability to read cookies.


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573#16
> From: Salvatore Bonaccorso <carnil@...ian.org>
> 
> FTR in the bug: Given that it is also possible to delete or modify
> cookies.

Use CVE-2014-6029 for this report about the ability to delete or
modify cookies. (The nature of the attack is not identical and it was
reported by a different person.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUBk5PAAoJEKllVAevmvmsgtYH/1/JqyAnliUKei7JOKrFelFq
/gkmffgsWLn3YWAbnm0mwqwZO2QWTjIXpqcqf2M6UyGqYTOwqaNwBVxWv+f83exz
tsg6A4dCHGVJQCzaO4SbbzL2i+F6dmo2Tn9GS3u1x7W3BirgDSp+v9z0dswN67aU
Ra5HyJCr2tQUw6PXr63b1Brfgcw20kBtfRb0FI/S4+89R2tbMr+nhrs5W9XVugbp
jb6qCsAi2HHSIpZFucNNSX2KaLiDQyZ9qXKZVMqlRL66osE5nw7LyDmhlU6aO0y9
QsRBU7jj0k1xmlrpXhZWVIX5L4Yp9hkiQPYI3VKd/RAT0JWQd/FVa9Hlg1dj104=
=SLx9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.