Message-ID: <Pine.GSO.4.64.1103021752050.24409@faron.mitre.org>
Date: Wed, 2 Mar 2011 17:55:17 -0500 (EST)
From: "Steven M. Christey" <coley@...-smtp.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: simple machines forum before 1.1.13

On Wed, 23 Feb 2011, Josh Bressers wrote:

> ----- Original Message -----
>> http://www.simplemachines.org/community/index.php?P=2fd5266e000b83407b05d142bd006d4a&topic=421547.0
>>
>> No useful info on the kind of vulnerability, just states "Several
>> security-related fixes"
>>
>
> Steve,
>
> Can MITRE take this one.

I almost gave this a single CVE for "multiple unspecified" but there's a
readable patch file that gives more hints:

http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

Reversing the patches suggests the following (assuming that ONLY security
patches are included in the ZIP, as stated in the initial post).

CVE-2011-1127 - guest access to SSI.php

CVE-2011-1128 - "brute force" on Load.php

CVE-2011-1129 - ManageNews.php, probably XSS

CVE-2011-1130 - improper input validation for a number in
$_REQUEST['start'] in QueryString.php, and also $start variable in
Subs.php

CVE-2011-1131 - unspecified query issues in Search.php, related to
$createTemporary variable.

- Steve