Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4ECAC9D3.2010405@redhat.com>
Date: Mon, 21 Nov 2011 14:59:47 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities

On 11/21/2011 02:30 PM, Henri Salo wrote:
> On Mon, Nov 21, 2011 at 02:23:49PM -0700, Kurt Seifried wrote:
>> On 11/21/2011 10:53 AM, Henri Salo wrote:
>>> Can I get CVE-identifier for this issue:
>>>
>>> http://archives.neohapsis.com/archives/fulldisclosure/current/0112.html
>>>
>>> Other references:
>>>
>>> http://osvdb.org/show/osvdb/76933
>>> http://osvdb.org/show/osvdb/76934
>>> http://osvdb.org/show/osvdb/76932
>>> http://secunia.com/advisories/46762/
>>>
>>> Best regards,
>>> Henri Salo
>> There appear to be two separate issues here, can you confirm this?
>>
>> -- 
>>
>> -Kurt Seifried / Red Hat Security Response Team
> I think this needs three different CVE-identifiers. Here is a description from Secunia and the last item seems critical.
>
> 1) Input passed to the "from" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
>
> 2) Input passed to the "page_no" parameter in recentchanges.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Ok merging these two issues (as per ADT4 specification)  please use
CVE-2011-4333 for this issue.

> 3) Input passed to the "userfile" POST parameter in edit.php is not properly verified before being used to upload files. This can be exploited to e.g. upload arbitrary PHP files with e.g. a ".gif" extension.
>
Please use CVE-2011-4334 for this issue.

> Best regards,
> Henri Salo


-- 

-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.