oss-sec mailing list archives

Re: CVE request: multiple issues in Koha


From: cve-assign () mitre org
Date: Sun, 9 Feb 2014 19:49:16 -0500 (EST)


http://koha-community.org/security-release-february-2014/

Issues fixed with the release:

[1] tools/pdfViewer.pl could be used to read arbitrary files on the server
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660)

# The file name comes straight from the request and is opened as given,
# with no check that it lies inside the intended directory.
my $tmpFileName = $cgi->param('tmpFileName');
open FH, "<$tmpFileName";

Use CVE-2014-1922 for this issue involving absolute path traversal.


[2] the staff interface help editor could be used to modify or create
arbitrary files on the server
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661)

edithelp.pl can be used to write arbitrary files to the server

To get it to write to /tmp, I had to count the number of directories
upward and add a few ..-s in order to get to the root of the server
and then to /tmp.

Included in the following releases: 3.8.23, 3.10.13, 3.12.10, and 3.14.3.


[3] member-picupload.pl could be used to write to arbitrary files on the server
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662)

# $filename is taken from the upload and joined to $upload_dir without
# stripping directory components, so '..' segments escape $upload_dir.
open (my $upload_fh, '>', "$upload_dir/$filename");

Included in the following releases: 3.8.23, 3.10.13, 3.12.10, and 3.14.3.

Use CVE-2014-1923 for both the edithelp.pl issue (Bug 11661) and the
member-picupload.pl issue (Bug 11662), apparently directory traversal
issues.


[4] the MARC framework import/export function did not require
authentication, ...
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666)

Use CVE-2014-1924.


[4] the MARC framework import/export function ... could be used to
perform unexpected SQL commands
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666)

Use CVE-2014-1925.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
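A defensive counterpart to the two quoted open() calls, added here as an illustration and not taken from Koha or from the message above: a Perl helper that confines a request-supplied file name to one directory before it reaches open(), run against constructed sample inputs. The helper name confined_path and the temporary directories are assumptions.

```perl
#!/usr/bin/perl
# Added example, not Koha code: confine a CGI-supplied file name to one
# directory before it reaches open(), the check that tools/pdfViewer.pl
# (read) and member-picupload.pl (write) were missing.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Basename qw(basename);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: returns a path inside $base_dir for $name, or
# nothing if $name would leave that directory.
sub confined_path {
    my ($base_dir, $name) = @_;
    return if !defined $name || !length $name || $name =~ /\0/;
    # Only a bare file name is allowed. This rejects '/etc/passwd'
    # (absolute traversal, CVE-2014-1922) and '../../tmp/x' (relative
    # traversal, CVE-2014-1923) alike, since both carry a directory part.
    return if $name ne basename($name) || $name eq '.' || $name eq '..';
    my $base = realpath($base_dir) or return;
    my $candidate = File::Spec->catfile($base, $name);
    if (-e $candidate) {
        # An existing entry may be a symlink planted to point outside the
        # directory; resolve it and insist the target still sits below $base.
        my $resolved = realpath($candidate);
        return unless defined $resolved && index($resolved, "$base/") == 0;
        return $resolved;
    }
    return $candidate;   # does not exist yet: safe to create under $base
}

# Demonstration on constructed temporary directories.
my $uploads = tempdir(CLEANUP => 1);
my $outside = tempdir(CLEANUP => 1);
open(my $fh, '>', "$uploads/report.pdf") or die "open: $!";
print {$fh} "%PDF-1.4 constructed sample\n";
close $fh;
open($fh, '>', "$outside/secret.txt") or die "open: $!";
close $fh;
symlink("$outside/secret.txt", "$uploads/link.pdf") or die "symlink: $!";

for my $input ('report.pdf', 'new.jpg', '/etc/passwd', '../../tmp/x', 'link.pdf') {
    my $path = confined_path($uploads, $input);
    printf "%-14s => %s\n", $input, defined $path ? "ok: $path" : 'rejected';
}
```

Only report.pdf and new.jpg come back as usable paths; the absolute name, the dotted relative name and the planted symlink are all rejected before any open() happens.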

