oss-sec mailing list archives
Re: CVE request: MovableType before 5.2.6
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Jun 2013 14:01:21 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/13/2013 09:50 PM, John Lightsey wrote:
> Hi everyone,
>
> The 5.2.6 release of MovableType fixed a vulnerability in the handling of
> comments to blog posts. The 'comment_state' parameter is processed by
> MovableType's unserialize() function, which can be used to send data into
> Storable::thaw(). As documented by the perl-security team recently,
> Storable::thaw is unsafe to use on untrusted inputs.
>
> http://perl5.git.perl.org/perl.git/commit/664f237a84176c09b20b62dbfe64dd736a7ce05e
>
> The MovableType 5.2.6 release notes document the fix for this
> vulnerability as:
>
> "109458 Currently un-used parameters are unintentionally deleted when a
> comment is posted"
>
> http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
Please use CVE-2013-2184 for this issue.

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRu3aQAAoJEBYNRVNeJnmT6kcQAJZ+RjBfcX9hSa1xoRF6kiaD
45aUTfgN28eLPKgWiIg86fN3YZDPmsQi6qMV/eYK/HS9zX0RZb4DZ7gjZMNgGF/X
llvspzT6p0MmrskX9SNc/EYjYdgtZzJxlOoyEtoVG0GI8N6LjsKjbZPP/8mwNuoU
oevlAowg2bkWNAeEXMrjhCbUfCGncHvUYozaP/e5XAM2UgQucDsozGftrzl/hqSj
SURH4zd6lot+UncQf/+52U+hn/nmuPXZ2yYPZ5n0YMyPG7qKaehq+0qv/g+xTSAJ
Z1v3s/y5M0aZtngnaCahALHekcwrSdhgB3U6OHQcqey+KDvjSYDIqiy+OTTbNac3
PRlad2xTP/k0Pd8sSNK5t/8PCvsuG8BhDxvlmz78fCJuDhxVQLT/e/ht+J2R2sLg
Y7C6IPTkK0CQbnjzwddx3oSN234Yx0M8BrvY8M0s556NmS1MLTn1WsaSv0GERfEx
dH4+N8UyRr+Qmwk4ftMYEFj3/ZlIsoAOamhExIx8zDq76nf8Xny9/bDOQ0XDX+Zt
J6KAPHsQpgTLA94w3GY8ZxkgguriZ4fZkvFSG1ml6/K5ZpGTMve5oi9FEpkn5tTg
YAxIWd4pYCM16mbsW4BD1xmuciM6BpEigByhLEx06G5TMbgxi7JhJnKr/10s03jh
QRxtX1QAKEDkeCQF9FE9
=pLY5
-----END PGP SIGNATURE-----
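The pattern John describes (a client-supplied blob handed to Storable::thaw via an unserialize() helper) shown beside a hardened replacement, as an added example that is not MovableType's code or anything from the thread. The field names (entry_id, parent_id, static), the secret key and the whole HMAC layer are assumptions of this example: the thread only states that Storable::thaw must not see untrusted input, and the JSON-plus-HMAC design below is one way to satisfy that, not the fix MovableType 5.2.6 shipped.

```perl
#!/usr/bin/perl
# Added example (not MovableType code): the risky comment_state pattern
# beside a hardened replacement. Field names and the key are hypothetical.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);
use Storable qw(thaw);
use JSON::PP;
use Digest::SHA qw(hmac_sha256_hex);

# --- Risky pattern -----------------------------------------------------
# The client posts an opaque blob and the server rebuilds it with
# Storable::thaw. thaw() reconstructs arbitrary nested data and blessed
# objects, so whatever structure the sender chose is created inside the
# application with full trust. The perl-security commit cited in the
# thread is explicit that thaw() must not be used on untrusted input.
sub unserialize_risky {
    my ($blob) = @_;
    return thaw(decode_base64($blob));   # do not do this with client data
}

# --- Hardened replacement ---------------------------------------------
# 1. Serialise with JSON, which yields only plain scalars, hashes, arrays.
# 2. Authenticate the blob with an HMAC so the server accepts only state
#    it produced itself (the key must be a server-side secret).
# 3. Still validate every field against a whitelist after decoding:
#    the HMAC proves origin, not that a value is sane.

my $STATE_KEY = 'replace-with-a-server-secret';   # hypothetical; load from config

# Hypothetical field names, each mapped to the pattern its value must match.
my %ALLOWED = (
    entry_id  => qr/\A[0-9]{1,10}\z/,
    parent_id => qr/\A[0-9]{1,10}\z/,
    static    => qr/\A[01]\z/,
);

my $JSON = JSON::PP->new->utf8->canonical;

sub serialize_hardened {
    my ($state) = @_;
    my $payload = $JSON->encode($state);
    return $payload . '.' . hmac_sha256_hex($payload, $STATE_KEY);
}

# Constant-time string comparison so the MAC check does not leak timing.
sub _eq_ct {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub unserialize_hardened {
    my ($blob) = @_;
    my ($payload, $mac) = $blob =~ /\A(.*)\.([0-9a-f]{64})\z/s or return;
    return unless _eq_ct($mac, hmac_sha256_hex($payload, $STATE_KEY));

    my $data = eval { $JSON->decode($payload) };
    return unless ref $data eq 'HASH';

    my %state;
    for my $key (keys %$data) {
        my $re = $ALLOWED{$key} or return;      # unknown field: reject
        my $val = $data->{$key};
        return if ref $val;                     # nested structure: reject
        return unless defined $val && $val =~ $re;
        $state{$key} = $val;
    }
    return \%state;
}

# Demonstration on constructed values.
my $blob = serialize_hardened({ entry_id => 42, static => 1 });
my $ok   = unserialize_hardened($blob);
print "accepted: entry_id=$ok->{entry_id} static=$ok->{static}\n";

# A payload altered in transit (one digit changed) fails the MAC check.
(my $tampered = $blob) =~ s/42/43/;
print "tampered: ", (defined unserialize_hardened($tampered) ? "accepted" : "rejected"), "\n";
```

The point of the hardened version is that the decoder can only ever produce plain Perl data, and even that is only accepted after the server has confirmed it generated the blob and every field matches an expected shape; the risky version leaves all three decisions to the sender.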