oss-sec mailing list archives
Re: plone, rrdtool, zenoss bugs
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 31 May 2013 00:06:33 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/18/2013 02:08 PM, Kurt Seifried wrote:
On 04/18/2013 06:05 AM, Thomas Pollet wrote:Hi,I reported a csrf bug in plone pluggable authentication service, fixed in 4.2.5 http://plone.org/products/plone/releases/4.2.5 " CSRF protection for the ZODBUserManager, ZODBGroupManager, ZODBRoleManger, and DynamicGroupsPlugin plugins."Was this previously exploitable, or is this just a hardening measure?Also, the rrdtool python module crashes on format string exploit $ python -c "import rrdtool rrdtool.graph('/tmp/out.png','-f','%n%n')" Segmentation fault
Sorry for the delay, please use CVE-2013-2131 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRqD3pAAoJEBYNRVNeJnmT+7MQALBzzuaAz12sDTeRTGdFrIpG 9wq8ejh5wFpWoFmkWIRSDqhXPBjcq98l0GB3Zh4O1YltD1q4DcsopyuHWxjzzB5o wzib/Vs2JpKlv+gqD32F6gAIJ6UTjUFYMt5me6PiJ0UaIctGywz5TWiw65O+/cpo 9m9tzeplm4a9D5i1w+jMS/PemBJbTo5ER0lBo84Dvso1FEJ1R4pU4Pt9nxPF1HEi 7Hwr9RFFbSO5j/KR7DwZ/OIJpJ2+PX+BSi7rBBwcUVIR/9S3KCy8HzaZcwCxKZ6H /p9kqqWqh6UFtJw7QEjMwQY096VMHj2c5LEL750ky2/xRFHop1lbiMj1T45Jku2P GcGlWrru4Rw3+jUdl90bXeCcDAxYHzb4qvns4jUTCKZ7bvWEsl7eth/S7zsW3w6Y zAZttK+ZgZ6Fx8k7IShHBJ9y0qygQ3Je6ZUbTYrpkYgdOAhfjRgfd9SGlbulV3yA fN7b0oTHh3iKVwAlr7Qe/0ib3rERN4DioNbEsexbUX5sb9DotKv6/WOSq+Ww/jxi g5T/RJJS4a5sJOIxm7kXawSp/gvLNvLMnJY4pZpJkaLP5PKiHdPFpX+rgu9GIfC1 P+Hlqe0NaPSKjZ3riJM1fsWHTXKI513dDlWjxyLFzh+oNyljeMT3kLuIvV5608gR sqqsQqn+K+tLVxH6kDxH =jR/J -----END PGP SIGNATURE-----
Current thread:
- plone, rrdtool, zenoss bugs Thomas Pollet (Apr 18)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (Apr 18)
- Re: plone, rrdtool, zenoss bugs Matthew Wilkes (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 30)
- Re: plone, rrdtool, zenoss bugs Henri Salo (May 19)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
- Re: plone, rrdtool, zenoss bugs Henri Salo (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (Apr 18)