oss-sec mailing list archives
Re: CVE-2008-4796: snoopy triage
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 3 Nov 2008 19:46:54 -0500 (EST)
Updated, original oss-security post will be added later.

Note that we don't track every single product (imagine how many pages a zlib issue would take up!)

- Steve

======================================================
Name: CVE-2008-4796
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=879959
Reference: JVN:JVN#20502807
Reference: URL:http://jvn.jp/en/jp/JVN20502807/index.html
Reference: JVNDB:JVNDB-2008-000074
Reference: URL:http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
Reference: FRSIRT:ADV-2008-2901
Reference: URL:http://www.frsirt.com/english/advisories/2008/2901
Reference: SECUNIA:32361
Reference: URL:http://secunia.com/advisories/32361

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
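
The bug class named in the CVE description, as an added example that is not part of the original post and is not Snoopy's code: a URL placed inside a shell command line, first weakly quoted and then hardened. It assumes the URL is handed to an external command-line HTTP client through a shell; CURL_PATH, both function names and the sample URLs are hypothetical or constructed.

```php
<?php
// Added illustration of the bug class; not code from Snoopy.
const CURL_PATH = '/usr/bin/curl'; // hypothetical client path

// Weak form: the URL is pasted between double quotes. A shell still expands
// $(...), backticks and $VAR inside double quotes, and a literal " ends them.
function build_command_weak(string $url): string
{
    return CURL_PATH . ' -s "' . $url . '"';
}

// Hardened form: check the shape of the URL, then pass it as one
// single-quoted shell word. Characters such as & and $ are legal in URLs,
// so quoting (not a metacharacter blacklist) is what keeps the shell out.
function build_command_hardened(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || empty($parts['host'])
        || preg_match('/[\x00-\x20\x7f]/', $url)) { // raw whitespace or control bytes
        throw new InvalidArgumentException('not an acceptable https URL');
    }
    return escapeshellcmd(CURL_PATH) . ' -s ' . escapeshellarg($url);
}

// Constructed sample inputs; the commands are only printed, never executed.
$samples = [
    'https://example.test/feed.xml?a=1&b=2', // legitimate, contains &
    'https://example.test/$(id)',            // command substitution syntax
    'https://example.test/"; id; "',         // tries to close the double quotes
];
foreach ($samples as $url) {
    echo 'weak:     ', build_command_weak($url), PHP_EOL;
    try {
        echo 'hardened: ', build_command_hardened($url), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'hardened: rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Where the HTTP client can be called through a library binding or a process API that takes an argument array, no shell parses the URL at all and the quoting step is unnecessary.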