oss-sec mailing list archives

Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 28 Nov 2011 08:22:46 -0700

On 11/27/2011 10:21 AM, Jan Lieskovsky wrote:

Hello Kurt, Steve, vendors,

  a format string flaw was found in the Python CGI Kit (neo_cgi)
module of ClearSilver, a language-neutral HTML templating system,
processed certain input, leading to Common Gateway Interface (CGI)
script errors. A remote attacker could provide a specially-crafted
input, which once processed by an application, using the Python
language API of ClearSilver neo_cgi module, could lead to that
particular application crash, or, potentially arbitrary code
execution with the privileges of the user running the application.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
[2] https://bugzilla.redhat.com/show_bug.cgi?id=757542

Patch, proposed by the issue reporter to the Debian Bug Tracking System:
[3]
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=fix-cgi-error-format-security.patch;att=1;bug=649322

Could you allocate a CVE id for this issue?

Thank you && Regards, Jan.
-- 
Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2011-4357 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

Current thread:

CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Jan Lieskovsky (Nov 27)
- Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Colin Watson (Nov 27)
- Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Kurt Seifried (Nov 28)