oss-sec mailing list archives
CVE Request -- fwknop 2.0.3: Multiple security issues
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 19 Sep 2012 14:10:39 -0400 (EDT)
Hello Kurt, Steve, vendors,

  multiple security issues have been corrected in 2.0.3 upstream version of fwknop
(http://www.cipherdyne.org/blog/categories/software-releases.html):

---------------------------------------------------------------------------

1) multiple DoS / code execution flaws:

   Upstream patch:
   [1] http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22

2) server did not properly validate allow IP addresses from malicious
   authenticated clients

   Upstream patch:
   [2] http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799

3) strict filesystem permissions for various fwknop files are not verified

4) local buffer overflow in --last processing with a maliciously
   constructed ~/.fwknop.run file

   Upstream patch:
   [3] http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc

For the remaining ones:
=======================

5) several conditions in which the server did not properly throw out
   maliciously constructed variables in the access.conf file

   Upstream patch:
   [4] http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=e2c0ac4821773eb335e36ad6cd35830b8d97c75a

   Note: This doesn't look like a security flaw (previously possible to
         provide malicious values to access.conf file, but I assume it
         would require administrator privileges).

6) [test suite] Added a new fuzzing capability to ensure proper
   server-side input validation.

   Note: Test-suite add-on, no CVE needed.

7) Fixed RPM builds by including the $(DESTDIR) prefix for uninstall-local
   and install-exec-hook stages in Makefile.am.

   Upstream patch:
   [5] http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=c5b229c5c87657197b0c814ff22127d870b55753

   Note: Also doesn't look like a fix for a security flaw.

Could you allocate CVE ids for issues 1), 2), 3), and 4)?

[Cc-ed Damien and Michael from fwknop upstream to confirm
 they {the first four} should receive a CVE identifier].

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team