oss-sec mailing list archives
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo
From: Josh Bressers <bressers () redhat com>
Date: Tue, 7 Dec 2010 15:18:31 -0500 (EST)
This is a great request, thanks. It's quite large but you gave me enough info that it's not killed me to figure it out. Steve, I have a request for MITRE to handle at the bottom.

Thanks.

----- "Raphael Geissert" <geissert () debian org> wrote:
IO::Socket::SSL: unexpected fallback to VERIFY_NONE if certificate file(s) are not specified.
http://bugs.debian.org/606058
http://secunia.com/advisories/42508/
CVE-2010-4334
cakephp: code execution via unserialize() call with untrusted data
http://malloc.im/CakePHP-unserialize.txt
https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
http://secunia.com/advisories/42211/
CVE-2010-4335
collectd: DoS via the RRDtool and RRDCacheD plugins
http://bugs.debian.org/605092
http://secunia.com/advisories/42393/
CVE-2010-4336
gnash: insecure handling of temp files at build-time
http://bugs.debian.org/605419
http://secunia.com/advisories/42416/
CVE-2010-4337
ocrodjvu: insecure handling of temp files
http://bugs.debian.org/598134
CVE-2010-4338
hypermail: XSS
http://bugs.debian.org/598743
CVE-2010-4339
libcloud: "doesn't verify ssl certificate"
It appears that what it doesn't verify is the certificate's CN. From the references provided in the Debian bug report it looks like it is a widespread issue on the SSL implementations in Python. Not sure how MITRE would like to handle those.
http://bugs.debian.org/598463
https://github.com/tjfontaine/linode-python/issues/issue/1#issue/1
MITRE weighed in on this. Python *should* get the ID, but each fixed app also gets one.

CVE-2010-4340

Steve, can MITRE take the one below? It's quite large and I don't have time to do it right now.

Thanks.
piwigo:
a1) CSRF
a2) SQL injection
a3) stored XSS
http://secunia.com/advisories/41365/
http://piwigo.org/releases/2.1.3
http://www.exploit-db.com/exploits/14973/
(the issues mentioned by the exploit-db entry appear to be the same that were fixed in 2.1.3)

b) search.php SQL injection
http://secunia.com/advisories/38305/
http://piwigo.org/releases/2.0.8

c) CSRF in the admin panel:
http://secunia.com/advisories/37681/
http://www.exploit-db.com/exploits/10417
(the exploit-db entry details two other issues, but are "admin-only" -- feel free to assign or ignore those.)