Re: CVE request: MovableType before 5.2.6

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/13/2013 09:50 PM, John Lightsey wrote:
> Hi everyone,
>
> The 5.2.6 release of MovableType fixed a vulnerability in the handling
> of comments to blog posts. The 'comment_state' parameter is processed by
> MovableType's unserialize() function which can be used to send data into
> Storable::thaw().
>
>
> As documented by the perl-security team recently, Storable::thaw is
> unsafe to use on untrusted inputs.
>
> http://perl5.git.perl.org/perl.git/commit/664f237a84176c09b20b62dbfe64dd736a7ce05e
>
>
> The MovableType 5.2.6 release notes document the fix for this
> vulnerability as:
>
> "109458 Currently un-used parameters are unintentionally deleted when a
> comment is posted"
>
> http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html

Please use CVE-2013-2184 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRu3aQAAoJEBYNRVNeJnmT6kcQAJZ+RjBfcX9hSa1xoRF6kiaD
45aUTfgN28eLPKgWiIg86fN3YZDPmsQi6qMV/eYK/HS9zX0RZb4DZ7gjZMNgGF/X
llvspzT6p0MmrskX9SNc/EYjYdgtZzJxlOoyEtoVG0GI8N6LjsKjbZPP/8mwNuoU
oevlAowg2bkWNAeEXMrjhCbUfCGncHvUYozaP/e5XAM2UgQucDsozGftrzl/hqSj
SURH4zd6lot+UncQf/+52U+hn/nmuPXZ2yYPZ5n0YMyPG7qKaehq+0qv/g+xTSAJ
Z1v3s/y5M0aZtngnaCahALHekcwrSdhgB3U6OHQcqey+KDvjSYDIqiy+OTTbNac3
PRlad2xTP/k0Pd8sSNK5t/8PCvsuG8BhDxvlmz78fCJuDhxVQLT/e/ht+J2R2sLg
Y7C6IPTkK0CQbnjzwddx3oSN234Yx0M8BrvY8M0s556NmS1MLTn1WsaSv0GERfEx
dH4+N8UyRr+Qmwk4ftMYEFj3/ZlIsoAOamhExIx8zDq76nf8Xny9/bDOQ0XDX+Zt
J6KAPHsQpgTLA94w3GY8ZxkgguriZ4fZkvFSG1ml6/K5ZpGTMve5oi9FEpkn5tTg
YAxIWd4pYCM16mbsW4BD1xmuciM6BpEigByhLEx06G5TMbgxi7JhJnKr/10s03jh
QRxtX1QAKEDkeCQF9FE9
=pLY5
-----END PGP SIGNATURE-----