Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1371181824.4354.16.camel@goat.lightspeed>
Date: Thu, 13 Jun 2013 22:50:24 -0500
From: John Lightsey <john@...nuts.net>
To: oss-security@...ts.openwall.com
Subject: CVE request: MovableType before 5.2.6

Hi everyone,

The 5.2.6 release of MovableType fixed a vulnerability in the handling
of comments to blog posts. The 'comment_state' parameter is processed by
MovableType's unserialize() function which can be used to send data into
Storable::thaw().


As documented by the perl-security team recently, Storable::thaw is
unsafe to use on untrusted inputs.

http://perl5.git.perl.org/perl.git/commit/664f237a84176c09b20b62dbfe64dd736a7ce05e


The MovableType 5.2.6 release notes document the fix for this
vulnerability as:

"109458 Currently un-used parameters are unintentionally deleted when a
comment is posted"

http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.