oss-sec mailing list archives

Re: CVE-request: SilverStripe before 2.4.4


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 30 Apr 2012 13:56:59 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/30/2012 12:47 AM, Henri Salo wrote:
Can I get 2011 CVE-identifiers for SilverStripe issues fixed in
2.4.4:

http://www.silverstripe.org/security-releases/

SQL information disclosure, SQL injection in Translatable
extension, Cross Site Request Forgery in various CMS interfaces,
XSS in controller action handling

Requested originally in http://seclists.org/oss-sec/2011/q1/12 but
never got assigned. I can collect information about other versions
too and request missing CVE-identifiers, but that will take some
time.

- Henri Salo

Ok went through the list a bit, the latest one already exists,
assigned the 2011's:

========================================

31 January 2012
SilverStripe v2.4.7 - XSS in text transformations on templates and
page title saving in CMS (details)
SilverStripe v2.3.13 - See 2.4.7 (details)
(already assigned) CVE-2012-0976        Cross-site scripting (XSS)
vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote
authenticated users with Content Authors privileges to inject
arbitrary web script or HTML via the Title parameter. NOTE: some of
these details are obtained from third party information.

========================================

18 October 2011
SilverStripe v2.4.6 - XSS in anchor links, possible SQL injection with
far eastern encodings, possible remote code execution through page
comments (details)
SilverStripe v2.3.12 - See 2.4.6 (details)

CVE-2011-4958 Security: Cross-site scripting on anchor links

CVE-2011-4959 Security: Possible SQL injection for MySQL when using
far east character encodings

CVE-2011-4960 Security: SQL injection in Folder::findOrMake()
parameter (used mostly in author-only CMS through Upload::load())

CVE-2011-4961 Security: Privilege escalation from EDIT_PERMISSIONS to
ADMIN for users access to the CMS (through Member->getCMSFields() and
TreeMultiselectField)

CVE-2011-4962 Security: Potential remote code execution through
serialization of page comment user submissions

========================================

I'll assign the 2010's when I get some more 2010 CVE's.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPnu6LAAoJEBYNRVNeJnmTKHQP/08l9r0+iXd4t3qXt1Nw3IRt
Bwly+oIkAnHRDtklXujsnPuiCL2aYCTH5YpUxdXv+1GJm0sTdMnBFbeQwxZGJw4F
v2GMewANR2j8+IIRY8UoLcVA+sMFMR+ELVnD2QFZZvxUwm7XX8f3T0Iy3WhM9xrP
IQSTNFpptLscAI4vf2/53pUVDWgerYfc8MT1IW8IbOIn5xGEyXLOv1Fa/PFTzw1i
Z0zS2sNe5LUDJzqFgMDcDu0ZufBrulPphYk0JqjD059jjCsEJo6faczc3z+1CJqu
KxZNaJDh+bm5XoQE+Wed9oSjoX1JVRyShliyHwxGBV3o1A170y5Tx3gzVmRWA71n
lZXDRSzI3qeyCytz5hywDLcXTuqukL/hsXBf49OpjahZTLAt7gIavXyD3HFhiuuD
Ctjqm/yDsg1GY9jJiyemxBoowC3mA4FVoGo3Czx3tLFZLiJWVvxwg3UUDthFhcM0
5f4mlo/N8LhQ2nCqNlLc7VMcakL97FgRlK1U9kSFU+Mqv3Rrne3xeqrB6I9Fc9Wl
Jo6+hOu2vet2gDJ/1wEurXmemZN/2Qhpar7ckzhV+h9UxmURMtMXiAAYjUxFxRPl
GJ4ujhI24FQAIkBmDmry5Od3Hpd9ZxmxVBp+GX5vNqGsT7UA7p/LGyKf+nWCNmLY
Akvwi3mOmFNdTCLDajBA
=as6p
-----END PGP SIGNATURE-----


Current thread: