oss-sec mailing list archives

Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug


From: Raphael Geissert <geissert () debian org>
Date: Fri, 02 Jul 2010 11:45:20 -0500

Hi Jan, everyone,

Jan Lieskovsky wrote:
> Luigi Auriemma reported:
> [1] http://aluigi.altervista.org/adv/mumbleed-adv.txt
>
> a deficiency in the way Mumble server processed malformed SQL query data.
> A remote, authenticated user could use this flaw to cause denial of
> service (mumble server termination) via specially-crafted QueryUsers Qt
> SQLite SQL query.

He also reported another vulnerability in Qt4's SSL support:
http://aluigi.altervista.org/adv/qtsslame-adv.txt

(reported to the Debian maintainers in http://bugs.debian.org/587711)

Could a CVE be assigned for this other issue too?

Thanks.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


