oss-sec mailing list archives
Re: CVE-Request - pen issues
From: cve-assign () mitre org
Date: Thu, 13 Mar 2014 15:40:02 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
webfile = "/tmp/webfile.html";
2> /tmp/penctl.cgi
Use CVE-2014-2387 for both issues involving files in the /tmp directory.
3. When a control-socket is configured (via "-C ip:port" added to the pen command line) a user who can connect to that port can
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741370 there is no documentation implying that using a control-socket is dangerous.
pen.1 -C \fIport\fR Specifies a control port where the load balancer listens for commands.
This seems to be an opportunity for security improvement, not a vulnerability. It appears that the design goal was to listen for commands in a way that could be acceptable on a server with sufficiently restricted access, and not acceptable in arbitrary environments. "port where the load balancer listens for commands" seems sufficiently descriptive for a reasonable person to immediately wonder who can send commands. Furthermore, the example in question: sudo pen 4444 localhost:9000 -C 127.0.0.1:5043 suggests that the person is aware that "a control port" means a TCP port, not some other type of port with obvious permission-based restrictions. A CVE assignment could be made if there were an implementation error (e.g., the user specifies listening on 127.0.0.1 but the code actually listens on all interfaces). A CVE assignment might also be possible for some types of design problems, but they'd need to be considerably more surprising and the documentation would need to be considerably more misleading. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTIgjhAAoJEKllVAevmvmsvz4H/1zljdDh/JUE42uOb29uw1Mx /gCsx2tnLs5g/U8OHBC0YYHM4CdUHLmyWiKbG1aN7Hn1FpXb4js3VlncbyQEdkpt MSl13vQeDVdLdAUvXhg37sn+yhniT7x0/sSvy5dMB00fBNNUYDPFj4VZF16S/cv+ v06593VmtYw3EGwBJFtlgXv/cvqGZcSlu/f/Iv+m3tWQtcr8g/XjC5pwhUXMBtSa R2FSJRxpTMQHzRK/5TOZ6mEg/Nr2JCPgRhWHeg69BIaUFjX+/6J2WUTm/Jgmxolb auxQSiskVVuGifmUzkV2ZhD5y+4M1aZ0IO5HdjG8FdRT/cBnXbtYEImOuadA3ec= =nmY2 -----END PGP SIGNATURE-----
Current thread:
- CVE-Request - pen issues Steve Kemp (Mar 12)
- Re: CVE-Request - pen issues cve-assign (Mar 13)
- <Possible follow-ups>
- Re: Re: CVE-Request - pen issues Steve Kemp (Mar 13)