oss-sec mailing list archives

Re: CVE-request: SMF index.php msg parameter SQL-injection (2005)


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Nov 2012 10:31:54 -0700


On 10/08/2012 06:51 AM, Henri Salo wrote:
> On Fri, Sep 14, 2012 at 11:29:07AM -0600, Kurt Seifried wrote:
>> On 09/14/2012 06:40 AM, Henri Salo wrote:
>>> Hello list,
>>>
>>> Old SQL-injection security issue in SMF does not have
>>> CVE-identifier. Could you please assign one from year 2005,
>>> thanks.
>>>
>>> Affected versions: <= 1.0.4
>>> Fixed in 1.0.5
>>>
>>> References:
>>> http://osvdb.org/17458
>>> http://secunia.com/advisories/15784/
>>>
>>> - Henri Salo
>>> ps. never too late
>>
>> Can you confirm this isn't
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4159
>
> To me this looks like a different vulnerability, because of
> different affected files and parameters.
>
> CVE-2005-XXXX: index.php
> http://osvdb.org/17458
> http://www.securiteam.com/exploits/5HP0N0KG0O.html

Please use CVE-2005-4891 for this issue.

> CVE-2005-4159: Memberlist.php
> http://osvdb.org/21722
> http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html
>
> - Henri Salo




-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

