Home page logo
oss-sec logo
Open Source Security Mailing List

Discussion of security flaws, concepts, and practices in the Open Source community

List Archives


Latest Posts

CVE Request: smarty: secure mode bypass Salvatore Bonaccorso (Oct 22)

Can a CVE be assigned for the following smarty issue: upstream
released new version 3.1.21:

Changelog: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902

Debian Bugreport: https://bugs.debian.org/765920


CVE-2014-3712 Katello: user parameters passed to to_sym Kurt Seifried (Oct 22)
Jan Rusnacko of Red Hat reports:

Katello code exposes potential to_sym Denial of Service attack vector
from user input parameters. The two places identified are:



This type of...

CVE Request: systemd-shim DoS issue Marc Deslauriers (Oct 22)

systemd-shim version 8 shipped with a debugging clause enabled that may result
in a denial of service attack by local users.

Fixed by:

Could a CVE please be assigned to this issue?



[OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333) Tristan Cacqueray (Oct 21)
OpenStack Security Advisory: 2014-037
CVE: CVE-2014-8333
Date: October 21, 2014
Title: Nova VMware instance in resize state may leak
Reporter: Zhu Zhu (IBM)
Products: Nova
Versions: up to 2014.1.3

Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an
authenticated user deletes an instance while it is in resize state, it
will cause the original instance to not be deleted. An attacker can use
this to launch a denial...

CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski (Oct 21)
[sorry for somewhat late notice -- I didn't notice that the patch was
public until just now]

KVM has a bug that allows malicious host user code that can open the
/dev/kvm device on a VMX (Intel) machine to DoS the system. (In my
proof of concept, the DoS is a rather spectacular failure of the whole
system, although I haven't checked whether the kernel panics. A more
refined exploit *might* be able to kill targetted user processes,...

Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 21)

Use CVE-2014-8336.

Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 21)
Use CVE-2014-8333 for this virt/vmwareapi/vmops.py race condition that
results in inadvertent preservation of the -orig instance.

AW: Multiple disputed issues in util-vserver Fiedler Roman (Oct 21)
Hello Carlos,











For code execution, I would guess, this should be less of a risk. The only
thing, I could think of, is that if namespace separation is not completely
clean, that it might be somehow possible, that the guest process (uid=0)
being the parent of the host process finds some way to ptrace et al control
the host process.

DOS might be more likely, therefore a malicious...

Re: Multiple disputed issues in util-vserver Carlos Alberto Lopez Perez (Oct 20)
Is there any (practical) scenario in which an attacker that has
compromised an vserver guest could use this behavior to compromise or
execute code on the host (master)?

Can you please send me the PoC for this issue ?

If I understand correctly, this (and the previous one) are
CVE-2005-4890, isn't it?.


Halfdog (CC'ed) already suggested some possible solutions:...

Re: Re: Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 20)

My comments are below.

It seems to me this would be the best approach. I hadn’t considered it originally, but it
makes the most sense.

Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 20)
Use CVE-2014-8334 for this issue involving shell metacharacters.

Use CVE-2014-8335 for this issue in which local users can see a
password by listing process arguments.

This report seems related to:

if ( preg_match( "/LOAD_FILE/i", $sql_query ) ) {

in the


commit. Our question here is whether this is best categorized as a

Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 20)
Seems to me like it was. Also, wouldn't a user who can edit those files
also be able to, for example, patch the executable files as well? I haven't
actually checked the file permissions but it seems like a reasonable

CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 20)
A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Nova VMware instance in resize state may leak
Reporter: Zhu Zhu (IBM)
Products: Nova
Versions: up to 2014.1.3

Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an...

RE: attacking hsts through ntp Bendler, Ehren (Oct 20)
The symmetric schemes do work, but due to data structure sizing only MD5 and SHA-1 hashed PSKs are supported:

They imply in the comments that it will take a new version of the NTP RFCs to get support for stronger hashing schemes.

-----Original Message-----
From: Stephen Röttger [mailto:stephen.roettger () gmail com]
Sent: Monday, October 20, 2014 5:17 AM
To: oss-security () lists openwall com

Re: attacking hsts through ntp Stephen Röttger (Oct 20)
The protocol from RFC 5906 is completely broken:

The symmetric schemes are probably fine but hard to set up. But it looks
like the NIST provides authenticated NTP:

More Lists

Dozens of other network security lists are archived at SecLists.Org.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]