Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: multiple issues in Koha
From: cve-assign () mitre org
Date: Sun, 9 Feb 2014 19:49:16 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://koha-community.org/security-release-february-2014/

Issues fixed with the release:

[1] tools/pdfViewer.pl could be used to read arbitrary files on the server
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660)

my $tmpFileName = $cgi->param('tmpFileName');
open FH, "<$tmpFileName";

Use CVE-2014-1922 for this issue involving absolute path traversal.


[2] the staff interface help editor could be used to modify or create
arbitrary files on the server
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661)

edithelp.pl can be used to write arbitrary files to the server

To get it to write to /tmp, I had to count the number of directories
upward and add a few ..-s in order to get to the root of the server
and than to /tmp.

Included in the following releases: 3.8.23, 3.10.13, 3.12.10, and 3.14.3.


[3] member-picupload.pl could be used to write to arbitrary files on the server
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662)

open (my $upload_fh, '>', "$upload_dir/$filename");

Included in the following releases: 3.8.23, 3.10.13, 3.12.10, and 3.14.3.

Use CVE-2014-1923 for both the edithelp.pl issue (Bug 11661) and the
member-picupload.pl issue (Bug 11662), apparently directory traversal
issues.


[4] the MARC framework import/export function did not require
authentication, ...
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666)

Use CVE-2014-1924.


[4] the MARC framework import/export function ... could be used to
perform unexpected SQL commands
(http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666)

Use CVE-2014-1925.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS+CGoAAoJEKllVAevmvmsqa4H/09BePODbfBm7UtPX/NTXeqh
K1W8Lrwy5nPotr129X8LPAxlXTGvpIZ/IFtrz+NpfoMSE1g8OEZcDiofZzlqDQ0d
FJ8032wXVCVRzLgOz/nQkMXdn8Koe0FgesPsXdivKFF3bGROnJ4O8DlIrk6NWoN0
P+dH7jL2u97KWIGzBoJaCw+9pYlKr2LHm+o7kyBINI9sYdqFdC6awrCVn4jnTrvg
5fGhGlIDdrIoQ3KD7lkR/rJRq0jLP3G8cb0W7kNyNQt4so9KzBJqrqb2Ix7TUJKk
mJhIaUua6SB2xtJI11ejCwVohphklCkbpow7G7mIvGbAufvzNeJY07AWhbnkb3w=
=Ru/L
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]