oss-sec mailing list archives

Re: CVE Request -- Beanstalkd (prior v1.4.6) -- Improper sanitization of job body (job payload data)

From: Josh Bressers <bressers () redhat com>
Date: Thu, 3 Jun 2010 14:58:27 -0400 (EDT)

Please use CVE-2010-2060 for this.

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   Graham Barr reported that beanstalkd v1.4.5 and earlier,
improperly
sanitized job data, sent together with put command from client.
A remote attacker, providing a specially-crafted job data in request,
could use this flaw to bypass intended beanstalk client commands
dispatch mechanism, leading to unauthorized execution of beanstalk
client commands.

References:
   [1]
http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html
   [2] http://bugs.gentoo.org/show_bug.cgi?id=322457

Upstream changeset:
   [3]
http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Beanstalkd (prior v1.4.6) -- Improper sanitization of job body (job payload data) Jan Lieskovsky (Jun 02)
- Re: CVE Request -- Beanstalkd (prior v1.4.6) -- Improper sanitization of job body (job payload data) Josh Bressers (Jun 03)