oss-sec mailing list archives
CVE Request: Juju phpmyadmin charm
From: Seth Arnold <seth.arnold () canonical com>
Date: Wed, 29 Jan 2014 15:16:17 -0800
Hello Kurt, vendors, MITRE, Please assign a CVE for the following issue: I discovered a potentially unsafe use of PHP's preg_replace() /e option in the Juju charm phpmyadmin: $xml = simplexml_load_string(preg_replace("/(<\/?)media\:content([^>]*>)/e", '', str_replace('media:hash', 'hash', file_get_contents('https://sourceforge.net/api/file/index/project-id/23067/mtime/desc/limit/40/rss')))); An attacker able to spoof ARP, DNS, or BGP, or control any of the routers between the client and sourceforge.net, or control over the sourceforge project or sourceforge servers, would be in a position to insert likely aribtrary code into the PHP interpreter. The full source of this file can be found at: http://bazaar.launchpad.net/~charmers/charms/precise/phpmyadmin/trunk/view/head:/bin/parse_upstream I have reported the bug to: https://bugs.launchpad.net/charms/+source/phpmyadmin/+bug/1274264 The problem appears to have been introduced in revision 18. No fix is currently available. Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE Request: Juju phpmyadmin charm Seth Arnold (Jan 29)
- Re: CVE Request: Juju phpmyadmin charm dawg (Jan 29)
- Re: CVE Request: Juju phpmyadmin charm Seth Arnold (Jan 29)
- Re: CVE Request: Juju phpmyadmin charm dawg (Jan 29)