oss-sec mailing list archives

Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws


From: Andrew Nacin <nacin () wordpress org>
Date: Thu, 18 Jul 2013 16:36:55 -0400

On Thu, Jul 18, 2013 at 4:25 PM, Kurt Seifried <kseifried () redhat com> wrote:
> This was brought to my attention by Jay Turla <shipcodez () gmail com>,
> after some searching I found:
>
> http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
>
> and after testing (it works). So please use:
>
> CVE-2013-4144 swfupload KedAns-Dz object injection
> CVE-2013-4145 swfupload KedAns-Dz XSS
> CVE-2013-4146 swfupload KedAns-Dz CSRF

CVE-2013-4145 (XSS) is actually CVE-2012-2399. And, CVE-2013-4146
(CSRF) seems to be just the potential for CSRF via XSS -- don't think
this is a separate issue.

Neither of those are reproducible in
https://github.com/wordpress/secure-swfupload.

We're aware of CVE-2013-4144 and intend to fix it soon, but it's
really tough to classify "image injection" as a serious vulnerability
without there being any actual XSS there to further trick the user.

> Also alerting WordPress.

Thank you.
