Re: Re: zenoss issues

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/24/2012 04:04 AM, Thomas Pollet wrote:
> Hi,
>
> I have found that zenoss displays snmp output like syslocation
> unfiltered in the web interface. 
> http://jira.zenoss.com/jira/browse/ZEN-3192 I suspect there are
> many more bugs in this package.
>
> Regards, Thomas
>
> On 24 August 2012 09:33, Thomas Pollet <thomas.pollet () gmail com>
> wrote:
>
> > Hello,
> >
> > I have found xss and command execution problems with zenoss. I
> > created a bugreport which can be found at 
> > http://jira.zenoss.com/jira/browse/ZEN-3183 . However the zenoss 
> > developers don't seem to be able to reproduce the issues.
> >
> > Another issue, reported by Emanuel Bronshtein can be found at 
> > http://jira.zenoss.com/jira/browse/ZEN-3153
> >
> > Regards, Thomas Pollet

Just a reminder that no public links have been posted, if you could
please do so I will assign a CVE #.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQO6/SAAoJEBYNRVNeJnmTKIQQALkZNy/lAiXL6Pit0kTJkdwq
0emVwdBJ37QhxFTZc61yt6dSxgQRIjhbn9SLiGMkVR58UqVU/e5FbXxZZgGUYT/5
JQEvzZ8UuS0GiPD5zqtmT2rXbA9BEDnmxPaIeHY9gisMAaRvR8cMNc9htS6X+Hqu
BN9rFgHcNN8VwZ1yuB6VHxZLLncTUgmYW69tbKu7OU/1WSmyE6MmW/OVKiopv373
/w61EAL2NYhw0IFa8eLUnoJEQPNg75VkJ5SKsb9SEaZPCDdSQ8SUEGMDVQX1Pqu3
ieYJZ6uNrveZk2hkAb8oXt+/V4rokjUpfuP+xWxm1GYuSE0jBwzv0VmK2URuj2GI
TWUq4+ROLEA+u+Sp7LaD64VPG+LLZuJ2sPSGx5/Ug23I1qYYkYSJ0IjAsQf9rISz
FCilwag7yFz+FUcSmZsj4j8cZtN7yB0cASgC8o/SuYbHnM0+D0zXxsB8r1f70XeM
ZBK6OJpsxxjAiutpSeneVbcIv4zZwcb+O89zvl/KltLwYsYi+fa/dxHzO3o3y+od
ZQTz69mCzDPucqjA5jaLhYtnbOHb/RnF2RpeOULyIVgKBPVVhEZz6ocbq6PHyjis
Rb9paATIJxDm0dHsAee0xnpYtpzn46/p6iWa35obUe6wdWfhdayCgqooVvW6iFax
G6yB9TZnlivN0wW4B46n
=k4hV
-----END PGP SIGNATURE-----