Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20140911072847.E536E1F075E@smtpksrv1.mitre.org>
Date: Thu, 11 Sep 2014 03:28:47 -0400 (EDT)
From: cve-assign@...re.org
To: henri@...v.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: TYPO3 extensions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TYPO3-EXT-SA-2014-006
powermail
Captcha Bypass
CVE-2014-6288


TYPO3-EXT-SA-2014-005
same Ajax dispatcher in pt_extbase and yag
Access Bypass
CVE-2014-6289


TYPO3-EXT-SA-2014-003
tt_news
Insecure Unserialize
CVE-2014-6290


TYPO3-EXT-SA-2014-002
alpha_sitemap Cross-Site Scripting  CVE-2014-6291
femanager Privilege Escalation      CVE-2014-6292
ke_stats SQL Injection              CVE-2014-6293
outstats Cross-Site Scripting       CVE-2014-6294

> Problem Description: The extension smarty bundles the template engine smarty.
> Old versions of this library are known to be vulnerable to arbitrary php file
> include via template source file.

We're not sure whether a CVE request was intended for this. Here, the
wording "via template source file" would typically mean an attack
vector, but maybe what is meant is that a template source file is the
vulnerable file. If the scenario were something like "the extension
enables an attack by accepting template source files from untrusted
parties in a way that is unintended by Smarty," then the extension
could be considered the primary affected product and could have its
own CVE ID for this issue. If this Problem Description text is
intended to mean that Smarty is the primary affected product, then a
CVE for the previously known issue in Smarty might already exist. If
anyone knows the best reference for "Old versions of this library are
known to be vulnerable," that could help resolve the question.

wec_map SQL Injection               CVE-2014-6295
wec_map Cross-Site Scripting        CVE-2014-6296


TYPO3-EXT-SA-2014-001
mm_forum
Cross-Site Scripting CVE-2014-6297
upload arbitrary files ... Code Execution by uploading PHP files CVE-2014-6298
CSRF CVE-2014-6299

> One CVE might be enough as per same reporters and fixed in version.

We typically cannot combine the different flaw types into one CVE. We
could combine them into one CVE if CSRF were the single root cause of
all of the issues, but nobody has reported that here, and it seems
relatively unlikely.


> Can I get 2013 CVE for TYPO3-EXT-SA-2013-014
> direct_mail exposes user data including the original authentication code

CVE-2013-7400

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUEU6+AAoJEKllVAevmvmsWT8H/jpM07K0kv8DX/LiVleIWagI
zm4vq8G9QHzOqUwiD88yTtqhNgOkfifuudWpKLQ9Af4HHhGKZzKaSS/UWdxkDjId
Ymfca2z7Ug6OSI2rujGUShga1pHhzyuKXvWuj0HzjWbI+AQ37lFxoNkIPJ8UTKIZ
lOask4pVXxldhs7gFUIu5H4g0CvI9KQR9P+AnEC8cjlOJOh96CwFTD0OIkz2teVT
i9ZP9GS+40lr1Jx3iENAdZIH1XbgCciNWG5hkMFj/2ytAs31mHR8Tr2ZY/IzvEi+
f89BTObrb9o+ecfHnfrsnlPU/9pZ6rUFe+HIPPfHnVHl4/BRjoeGPeJ7hdj75Ns=
=1pSZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.