Open Source Security Mailing List

Discussion of security flaws, concepts, and practices in the Open Source community

Latest Posts

Re: Remote code execution in Pimcore CMS cve-assign (Apr 21)
Probably "attack methodology" wasn't the best phrase to use in the
http://openwall.com/lists/oss-security/2014/04/19/5 post because there
might be multiple common definitions.

The currently available exploit information is that an attack against
versions 1.4.9 to 2.0.0 (inclusive) can use
Zend_Pdf_ElementFactory_Proxy.

Also, an attack against versions 1.4.9 to 2.1.0 (inclusive) can use
Zend_Http_Response_Stream.

The details of a...

Re: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 20)
I agree the advisory is too ambiguous, let me state the facts for clarity:
- All versions suffer from the same flaw, passing user data to the
unserialize() function, therefore in theory it is possible to achieve
PHP code execution in all versions from 1.4.9 up to and including
2.1.0.
- At this point, I can only prove code execution in versions 1.4.9 and
1.4.10 with payload [1] under the condition of running under PHP 5.3.3
or lower.
- Version...

Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Apr 20)
I am going to have a look next week. It should be trivial to fix.

Sylvestre

Re: Remote code execution in Pimcore CMS cve-assign (Apr 19)
MITRE currently doesn't look for "CVE request" in the Subject line.
For some posts, the right number of CVE IDs can be determined more
quickly than for others. So, in this case, we'll just ask for
additional information.

pimcore-2.1.0.txt says:

Payload [1] abuses several Zend classes to achieve remote code
execution

and then says:

payload [3] does not work on Pimcore versions between 2.0.1 and
2.1.0

Is it also...

CVE request: Fwd: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 19)
Resending this as it hasn't been picked up most likely because of the lack
of "CVE request" in the subject line.

Regards
Pedro
---------- Forwarded message ----------
From: "Pedro Ribeiro" <pedrib () gmail com>
Date: 14 Apr 2014 10:16
Subject: Remote code execution in Pimcore CMS
To: <oss-security () lists openwall com>
Cc: "Bernhard Rusch" <Bernhard.Rusch () elements at>

Hi,

I have...

Re: Request for linux-distros list membership rf (Apr 19)
Kurt> Well one comment/question on your advisories:

Kurt> https://qlustar.com/news/qsa-0131142-security-bundle

Kurt> Package(s) : see upstream description of individual package
Kurt> Affected versions: All versions prior to this update
Kurt> Vulnerability : see upstream description of individual package
Kurt> Problem type : see upstream description of individual package
Kurt>...

Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign (Apr 19)
Use CVE-2014-2893.

[ other notes:

This doesn't seem to be independently exploitable.

Using default permissions is not necessarily wrong, from a CVE
perspective, in all development environments. See the
http://openwall.com/lists/oss-security/2014/03/09/1 post. In any case,
we're not currently making a separate CVE assignment for the
permissions issue. ]

CVE request / advisory: gdomap (GNUstep core package <= 1.24.6) Matthew Daley (Apr 19)
Hi,

I'd like to request a CVE ID for this issue. It was found in software
from GNUstep (www.gnustep.org), which develop an open-source
development framework and runtime for client and server applications.

This is the first such request and the issue is (now) public; this
message serves as an advisory as well.

Affected software: gdomap (GNUstep Distributed Objects nameserver)
Description: After receiving a crafted invalid request, gdomap...

Re: libmms heap-based buffer overflow fix cve-assign (Apr 18)
Use CVE-2014-2892.

Re: CVE Request - XXS in phpMyID (openid_error) cve-assign (Apr 18)
Use CVE-2014-2890.

Re: Request for linux-distros list membership Kurt Seifried (Apr 18)
Well one comment/question on your advisories:

https://qlustar.com/news/qsa-0131142-security-bundle

Package(s) : see upstream description of individual package
Affected versions: All versions prior to this update
Vulnerability : see upstream description of individual package
Problem type : see upstream description of individual package
Qlustar-specific : no
CVE Id(s) : see upstream description of individual package

Except...

CVE Request for Drupal Core Forest Monsen (Apr 18)
Hi there,

Please issue a CVE identifier for:

SA-CORE-2014-002 - Drupal core - Information Disclosure
https://drupal.org/SA-CORE-2014-002

Thanks!

Best,
Forest

Re: Request for linux-distros list membership rf (Apr 18)
Anthony> On 04/09/14 23:25, Solar Designer wrote:
>> On Wed, Apr 09, 2014 at 11:57:33PM -0600, Kurt Seifried wrote:
>>> So first off I'm inclined to have Amazon on the distros list
>>> (same reasons as Oracle basically).
>>>
>>> My only concern is are you the correct person, I have no clue
>>> who is on the Amazon security team for their Linux distribution,...

Re: Request for linux-distros list membership Anthony Liguori (Apr 18)
Ping. Apologies if this is being discussed in private but I just wanted
to make sure it wasn't forgotten. I believe we have provided all of the
information requested.

Regards,

Anthony Liguori

Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Reed Loden (Apr 18)
See the original advisory
(http://seclists.org/fulldisclosure/2014/Apr/240), which calls bash
command substitutions out as being handled already.

Specifically:

""""
The code is also making sure that arguments do not contain bash command
substitution i.e. $(ps aux)

if(strstr(macro_argv[x],"$(")) {
syslog(LOG_ERR,"Error: Request contained a bash command
substitution!"); return ERROR;...
