oss-sec mailing list archives
CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 23 Nov 2011 12:16:49 +0100
Hello Kurt, Steve, vendors, based on: [1] https://bugs.gentoo.org/show_bug.cgi?id=391259 [2] http://www.namazu.org/security.html.en the following two issues (when compared against [3]) doesn't seem to have CVE ids yet:I) There is cross-site scripting vulnerability for IE 6,7 in version 2.0.20 or older.
References: http://www.namazu.org/#stable http://www.namazu.org/security.html#cross-site-scripting Further issue details are described in: https://bugzilla.redhat.com/show_bug.cgi?id=756348 Note: A CVE-2011-* identifier should be assigned for this. =====II) To 2.0.19 or a version that is older than 2.0.19, there is a vulnerability of overrunning in the buffer. It recommends since Namazu 2.0.20 to be used.
References: http://www.namazu.org/#stable http://www.namazu.org/security.html.en Further issue details are described in: https://bugzilla.redhat.com/show_bug.cgi?id=756341 Note: A CVE-2009-* identifier should be assigned to this. ===== Could you allocate two CVE ids (one CVE-2011-*, the other CVE-2009-*) for these two flaws? According to: [3] http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=namazu the last CVE id, assigned for Namazu, was CVE-2008-1468 for the "XSS UTF-7" issue, which corresponds to:"To 2.0.17 or a version that is older than 2.0.17 There is a weakness of retrieval type by the misidentification of the encode automatic operation recognition of Web browser that is the UTF-7 encoding. It recommends since 2.0.18 as much as possible to be used." record
from [2]. Should you need any further details due these two, let me know. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Jan Lieskovsky (Nov 23)