oss-sec mailing list archives

Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface


From: Josh Bressers <bressers () redhat com>
Date: Fri, 25 Jun 2010 12:45:27 -0400 (EDT)

----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   Florian Streibelt (yet in 2009) reported:
   [1] http://bugs.gentoo.org/show_bug.cgi?id=259968#c0

   a directory traversal flaw in the way mlmmj (Mailing List Managing
   Made Joyful), mailing list manager, processed users' requests to edit
   and save list entries, originating from php-admin web interface. A
   remote, authenticated attacker could use these flaws to alter
   integrity of the system (write and / or delete arbitrary files) by
   providing a specially-crafted list variable content to the edit or
   save request.

   Florian, please correct me, if I mangled the attack scenario, and it's
   slightly different.

   Martin, Morten, are these two issues known upstream yet? Is there a
   patch for them already?

   Steve, could you please allocate two CVE-2009-XXXX CVE ids?  (One for
   1, 'edit' case, second for 2, 'save' case.) [Searching "Master Copy of
   CVE" for "mlmmj" keyword returned nothing for me.]


This should only need one ID. The flaw is unchecked input. Steve, if I'm
mistaken, just yell.

CVE-2009-4896

Thanks

-- 
    JB

