oss-sec mailing list archives

Re: CVE request: OSClass directory traversal vulnerability


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 04 Apr 2012 10:41:02 -0600


On 04/03/2012 02:43 AM, Henri Salo wrote:
> On Mon, Apr 02, 2012 at 11:45:12AM -0600, Kurt Seifried wrote:
>> The actual blog entry:
>> http://osclass.org/blog/2012/03/05/osclass-2-3-6/
>>
>> doesn't mention anything about directory traversal. Do you have a
>> link on their site, or the commit showing the problem or the
>> fix?
>>
>> -- Kurt Seifried Red Hat Security Response Team (SRT)
>
> http://osclass.org/blog/2012/03/05/osclass-2-3-6/ "Special thanks
> to Filippo Cavallarin again for reporting a security vulnerability
> in combine.php file. If you’re using that file in your theme, I
> strongly recommend to update it. Please, remember to visit the wiki
> if you don’t know how to update OSClass."
>
> Here is the diff:
> https://github.com/osclass/OSClass/commit/09aa689ae424dc2bec6f857e7179ae4afdbbd2a9#diff-4
>
> Full changelog: http://doc.osclass.org/Changelog
>
> Fixed in 2.3.6.
>
> - Henri Salo

Thanks Henri, that's exactly the kind of information CVE requests need =)

Please use CVE-2012-1617 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
