oss-sec mailing list archives
Re: Re: CVE Request - roundcubemail
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 16 Dec 2008 20:31:51 -0500 (EST)
On Sat, 13 Dec 2008, Florian Weimer wrote:
* Ingrid wrote:Therefore, I agree with Raphael that the issue has not been found yet.
The general issue of /e in preg_replace is covered by CWE-624 Executable Regular Expression Error (http://cwe.mitre.org/data/definitions/624.html) which has a couple other CVE examples. I bet there's a chunk of these in various applications. I believe Perl has similar functionality. Use CVE-2008-5619 for the issue. Note there's a separate DoS issue, CVE-2008-5620. - Steve ====================================================== Name: CVE-2008-5619 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 Reference: MISC:http://trac.roundcube.net/ticket/1485618 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=898542 Reference: CONFIRM:http://trac.roundcube.net/changeset/2148 Reference: FEDORA:FEDORA-2008-11220 Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html Reference: FEDORA:FEDORA-2008-11234 Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html Reference: MLIST:[oss-security] 20081212 CVE Request - roundcubemail Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/12/1 Reference: SECUNIA:33170 Reference: URL:http://secunia.com/advisories/33170 html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. ====================================================== Name: CVE-2008-5620 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5620 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=898542 RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
Current thread:
- CVE Request - roundcubemail Jan Lieskovsky (Dec 12)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 16)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 17)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 17)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 24)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 28)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 15)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 15)
- Re: Re: CVE Request - roundcubemail Christian Hoffmann (Dec 15)
- Re: Re: CVE Request - roundcubemail Raphael Geissert (Dec 16)