Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request - Snoopy incomplete fix for CVE-2008-4796
From: cve-assign () mitre org
Date: Fri, 18 Jul 2014 13:30:34 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

2002
http://sourceforge.net/p/snoopy/bugs/13/

It seems this allowed the most simple injections:
  https://example.com;id
  https://example.com/foo.html;id

Fixed in 2004 via:
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.11

Use CVE-2002-2444.


2008
...
Followed by a similar fix for headers few days later, which probably
was not picked up by folks backporting the above commit as the fix for
this CVE:
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27

Use CVE-2008-7313 for this vulnerability involving headers. This issue
exists because of an incomplete fix for CVE-2008-4796.


2014

http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/

Use CVE-2014-5008. This issue exists because of an incorrect fix for
CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was
required).


https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706

Use CVE-2014-5009. This issue exists because of an incorrect fix for
CVE-2014-5008.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTyVl2AAoJEKllVAevmvmsVmgH/i8/r/RQYS5Bu/vzlDVjZbK/
vIjD4rUuUOJ+A75GOR5IjsHg0Ybh5nvx4eTHCTeQhFsNibKUqn8n6SIJlghbtx3C
H2rSGAN4B1+F/xa/3qTU0CAqsear/UqlwCbyD/VvSuS6plYYfk24/UcmDFZ7+N6P
fIf0JAx+0pBWB74s3BdMcSbJNW/19hVMF4vRfsmirTQUn9yjXlB8QyAEVsqw2qSU
T18YscFWBTrB2ifYBD14ku7wK+EFUBNdSsq2/Hykxroka+n2maZVJUpZmpEFSfzZ
jKtciy2Vw/lj/JuCZb02yqL3Lzjph6AYjNWjcbUWtXNPXajiYNMD85PsAtwhkBw=
=hYe5
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault