Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon, 29 Sep 2008 20:22:16 +1000
From: Steffen Joeris <steffen.joeris@...lelinux.de>
To: oss-security@...ts.openwall.com
Subject: CVE id request: ftpd

Hi

There seems to be a Cross-site request forgery[0] in ftpd.
Upstream used these patches[1][2] to address the issue. There are also two 
Debian Bugreports[3][4] for this issue.
Could I please get a CVE id for this?

Cheers
Steffen

[0]: 
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064697.html

[1]: 
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.50&r2=1.51&f=h

[2]: 
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h

[3]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500518

[4]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500278

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ