oss-sec mailing list archives

Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd


From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 2 Mar 2011 18:05:45 -0500 (EST)


On Mon, 21 Feb 2011, Moritz Muehlenhoff wrote:

> 1. FreeBSD kernel: local DoS
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613312
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611476
> http://www.exploit-db.com/exploits/16064/
> http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/debian/patches/000_tcp_usrreq.diff

Use CVE-2011-1132

> 2. Xinha: Multiple vulnerabilities
> (The code is included in a few web apps, e.g. serendipity, openacs or dotlrn)
> http://secunia.com/advisories/40669/

CVE-2011-1133 - XSS in mode param to plugins/ExtendedFileManager/backend.php (David Vieira-Kurz)

CVE-2011-1134 - file upload

CVE-2011-1135 - XSS at end of URL to plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php (Riss McRee)


> 3. tesseract: Insecure temp file handling
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612032

CVE-2011-1136

> 4. proftpd mod_sftp integer overflow
> http://bugs.proftpd.org/show_bug.cgi?id=3586
> http://www.exploit-db.com/exploits/16129/

CVE-2011-1137


- Steve

