oss-sec mailing list archives
Re: CVE Request - cups, dovecot-managesieve, perl, wireshark
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 1 Dec 2008 11:36:45 -0500 (EST)
CVE-2008-5286 - CUPS PNG overflow CVE-2008-5301 - dovecot-managesieve directory traversal CVE-2008-5302, CVE-2008-5303 - Perl issues (read details below) CVE-2008-5285 - Wireshark SMTP DoS Regarding the Perl issues: as seen in this list and elsewhere, there seems to be a ton of confusion about which CVE's were originally fixed (or not), and which CVE's have since reappeared (or not), and which versions of Perl and File::Path are or are not affected, plus Eygene's commentary on other race conditions. I've chosen to anchor the CVE descriptions based on Niko Tyni's commentary in http://www.gossamer-threads.com/lists/perl/porters/233695#233695 and have blended in some other comments, so hopefully we have a reasonable place to start from. - Steve ====================================================== Name: CVE-2008-5285 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285 Reference: BUGTRAQ:20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack Reference: URL:http://www.securityfocus.com/archive/1/archive/1/498562/100/0/threaded Reference: FULLDISC:20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html Reference: MLIST:[oss-security] 20081124 CVE Request -- wireshark Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/24/1 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=472737 Reference: FRSIRT:ADV-2008-3231 Reference: URL:http://www.frsirt.com/english/advisories/2008/3231 Reference: SECTRACK:1021275 Reference: URL:http://www.securitytracker.com/id?1021275 Reference: SECUNIA:32840 Reference: URL:http://secunia.com/advisories/32840 Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. ====================================================== Name: CVE-2008-5286 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286 Reference: CONFIRM:http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt Reference: CONFIRM:http://www.cups.org/str.php?L2974 Reference: MLIST:[oss-security] 20081201 (sort of urgent) CVE Request -- cups (repost) Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/01/1 Reference: BID:32518 Reference: URL:http://www.securityfocus.com/bid/32518 Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. ====================================================== Name: CVE-2008-5301 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5301 Reference: MLIST:[Dovecot] 20081117 ManageSieve SECURITY hole: virtual users can edit scripts of other virtual users (all versions) Reference: URL:http://www.dovecot.org/list/dovecot/2008-November/035259.html Reference: FRSIRT:ADV-2008-3190 Reference: URL:http://www.frsirt.com/english/advisories/2008/3190 Reference: SECUNIA:32768 Reference: URL:http://secunia.com/advisories/32768 Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. ====================================================== Name: CVE-2008-5302 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5302 Reference: MLIST:[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/28/2 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 Reference: MISC:http://www.gossamer-threads.com/lists/perl/porters/233695#233695 Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. ====================================================== Name: CVE-2008-5303 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5303 Reference: MLIST:[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/28/2 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 Reference: MISC:http://www.gossamer-threads.com/lists/perl/porters/233695#233695 Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Current thread:
- CVE Request - cups, dovecot-managesieve, perl, wireshark Jan Lieskovsky (Nov 28)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Jan Lieskovsky (Nov 28)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Nov 30)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Nov 30)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Steven M. Christey (Dec 01)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Dec 02)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Nov 30)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Jan Lieskovsky (Nov 28)