Message-ID: <Pine.GSO.4.64.1004061119250.11220@faron.mitre.org>
Date: Tue, 6 Apr 2010 11:41:33 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: jmm@...til.org, "Steven M. Christey" <coley@...us.mitre.org>,
        bressers@...hat.com
Subject: Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9


On Sat, 3 Apr 2010, Tomas Hoger wrote:

>>> Use CVE-2010-1144 for this one
>>
>> Josh, in a later mail you've assigned the same ID to a libnids issue:
>
> Looks like a wrong id used in libnids mail as, according to notes, the
> assignment should be:
>
> CVE-2010-0751 libnids v1.24 -- Null pointer dereference
> CVE-2010-1144 Zabbix <= 1.8.1 SQL Injection
> CVE-2010-1145 Zabbix remote commands execution in Zabbix Server

CVE-2010-1144 is in active use for both Zabbix and libnids, so that 
identifier will have to be rejected outright.

Keep CVE-2010-0751 for libnids.

I also assigned CVE-2010-1277 to use for the Zabbix SQL injection.

See below for clarification.

- Steve

======================================================
Name: CVE-2010-0751
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0751
Reference: MISC:http://xorl.wordpress.com/2010/04/04/libnids-ip-fragmentation-remote-null-pointer-dereference/
Reference: CONFIRM:http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt
Reference: FEDORA:FEDORA-2010-5535
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038375.html
Reference: FEDORA:FEDORA-2010-5545
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038388.html
Reference: FEDORA:FEDORA-2010-5562
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038410.html
Reference: BID:39142
Reference: URL:http://www.securityfocus.com/bid/39142
Reference: SECUNIA:39225
Reference: URL:http://secunia.com/advisories/39225
Reference: SECUNIA:39249
Reference: URL:http://secunia.com/advisories/39249
Reference: VUPEN:ADV-2010-0777
Reference: URL:http://www.vupen.com/english/advisories/2010/0777
Reference: VUPEN:ADV-2010-0791
Reference: URL:http://www.vupen.com/english/advisories/2010/0791
Reference: XF:libnids-ipfragment-dos(57428)
Reference: URL:http://xforce.iss.net/xforce/xfdb/57428

The ip_evictor function in ip_fragment.c in libnids 1.24, as used in
dsniff and possibly other products, allows remote attackers to cause a
denial of service (NULL pointer dereference and crash) via crafted
fragmented packets.


======================================================
Name: CVE-2010-1144
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1144

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-0751,
CVE-2010-1277.  Reason: this candidate was intended for one issue, but
it was accidentally assigned to two different issues, one for libnids
and another for Zabbix.  Notes: All CVE users should consult
CVE-2010-0751 (libnids) and CVE-2010-1277 (Zabbix) to determine which
ID is appropriate.  All references and descriptions in this candidate
have been removed to prevent accidental usage.


======================================================
Name: CVE-2010-1277
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1277
Reference: BUGTRAQ:20100401 Zabbix <= 1.8.1 SQL Injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/510480/100/0/threaded
Reference: FULLDISC:20100401 Zabbix <= 1.8.1 SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html
Reference: MISC:http://legalhackers.com/advisories/zabbix181api-sql.txt
Reference: MISC:http://legalhackers.com/poc/zabbix181api.pl-poc
Reference: MISC:http://www.zabbix.com/rn1.8.2.php
Reference: BID:39148
Reference: URL:http://www.securityfocus.com/bid/39148
Reference: OSVDB:63456
Reference: URL:http://www.osvdb.org/63456
Reference: SECUNIA:39119
Reference: URL:http://secunia.com/advisories/39119
Reference: VUPEN:ADV-2010-0799
Reference: URL:http://www.vupen.com/english/advisories/2010/0799

SQL injection vulnerability in the user.authenticate method in the API
in Zabbix 1.8 before 1.8.2 allows remote attackers to execute
arbitrary SQL commands via the user parameter in JSON data to
api_jsonrpc.php.

