From gtheall at tenable.com Mon Mar 4 06:39:09 2013
From: gtheall at tenable.com (George Theall)
Date: Mon, 4 Mar 2013 12:39:09 +0000
Subject: [VIM] Piwigo 'dl' Parameter Directory Traversal Vulnerability
Message-ID: <318E6975-1050-4BBA-88D5-AA79BC7848D0@tenable.com>

There are two recent BIDs concerning a directory traversal vulnerability addressed in 2.4.7 -- 58016, credited to Gjoko Krstic, and 58229, credited to HTBridge. According to http://piwigo.org/bugs/view.php?id=2843, the vulnerability was reported by HTBridge as well as Krstic.

Rob / Venkat / whoever : does SecurityFocus plan to retire one of these?

George
--
theall at tenable.com

From Narayan_Agarwalla at symantec.com Tue Mar 5 05:46:00 2013
From: Narayan_Agarwalla at symantec.com (Narayan Agarwalla)
Date: Tue, 5 Mar 2013 03:46:00 -0800
Subject: [VIM] Piwigo 'dl' Parameter Directory Traversal Vulnerability
In-Reply-To: <318E6975-1050-4BBA-88D5-AA79BC7848D0@tenable.com>
References: <318E6975-1050-4BBA-88D5-AA79BC7848D0@tenable.com>
Message-ID: <96CC6D276D1CC043905F0666B28DA2CB2AA1AAA7F2@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi George,

BID 58016: Updated.
BID 58229: Retired as duplicate of 58016

Thanks and Regards,
Narayan

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Monday, March 04, 2013 6:09 PM
To: Vulnerability Information Managers
Subject: [VIM] Piwigo 'dl' Parameter Directory Traversal Vulnerability

There are two recent BIDs concerning a directory traversal vulnerability addressed in 2.4.7 -- 58016, credited to Gjoko Krstic, and 58229, credited to HTBridge. According to http://piwigo.org/bugs/view.php?id=2843, the vulnerability was reported by HTBridge as well as Krstic.

Rob / Venkat / whoever : does SecurityFocus plan to retire one of these?

George
--
theall at tenable.com

From coley at mitre.org Wed Mar 13 15:35:27 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Wed, 13 Mar 2013 20:35:27 +0000
Subject: [VIM] "CVENEW" messages to be posted to VIM during NVD outage
Message-ID:

As VIM subscribers probably know, the National Vulnerability Database (NVD) is having a temporary outage. At http://nvd.nist.gov/, NIST says "We are working to restore service as quickly as possible."

Many people rely on NVD feeds to learn about newly-updated CVEs. The CVE web site does not provide such feeds, since that would duplicate NVD functionality.

However, the CVE project sends notification emails for newly-updated CVEs to a limited set of CVE-compatible users, often several times a day. Until NVD service is reliably restored, I will be posting these "CVENEW" messages to the Vulnerability Information Managers (VIM) list. While they do not contain the extra data that NVD provides, such as CVSS and CPE names, hopefully this will help some people to monitor new CVEs.

Note that the VIM list is not the place to post general vulnerability announcements; it is specifically designed for maintainers of vulnerability databases and information services.

Regards,
Steve Christey
CVE Editor

From jkouns at opensecurityfoundation.org Wed Mar 13 15:45:59 2013
From: jkouns at opensecurityfoundation.org (Jake Kouns)
Date: Wed, 13 Mar 2013 16:45:59 -0400
Subject: [VIM] "CVENEW" messages to be posted to VIM during NVD outage
In-Reply-To:
References:
Message-ID:

It seems like NVD has been having trouble with availability for the last several weeks. How many outages have they had and what is the total duration at this point?

On Wed, Mar 13, 2013 at 4:35 PM, Christey, Steven M. wrote:
> As VIM subscribers probably know, the National Vulnerability Database
> (NVD) is having a temporary outage. At http://nvd.nist.gov/, NIST
> says "We are working to restore service as quickly as possible."
>
> Many people rely on NVD feeds to learn about newly-updated CVEs. The
> CVE web site does not provide such feeds, since that would duplicate
> NVD functionality.
>
> However, the CVE project sends notification emails for newly-updated
> CVEs to a limited set of CVE-compatible users, often several times a
> day. Until NVD service is reliably restored, I will be posting these
> "CVENEW" messages to the Vulnerability Information Managers (VIM)
> list. While they do not contain the extra data that NVD provides,
> such as CVSS and CPE names, hopefully this will help some people to
> monitor new CVEs.
>
> Note that the VIM list is not the place to post general vulnerability
> announcements; it is specifically designed for maintainers of
> vulnerability databases and information services.
>
> Regards,
> Steve Christey
> CVE Editor

From coley at mitre.org Wed Mar 13 15:53:20 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 13 Mar 2013 16:53:20 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/13 16:48 ; count=2
Message-ID: <201303132053.r2DKrK3k023546@cairo.mitre.org>

======================================================
Name: CVE-2013-0312
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0312
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=912964
Reference: MISC:https://fedorahosted.org/389/ticket/571
Reference: CONFIRM:http://directory.fedoraproject.org/wiki/Releases/1.3.0.4
Reference: REDHAT:RHSA-2013:0628
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0628.html
Reference: BID:58428
Reference: URL:http://www.securityfocus.com/bid/58428
Reference: SECUNIA:52279
Reference: URL:http://secunia.com/advisories/52279
Reference: SECUNIA:52568
Reference: URL:http://secunia.com/advisories/52568

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
======================================================
Name: CVE-2013-1469
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1469
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130129
Category:
Reference: BUGTRAQ:20130227 Multiple Vulnerabilities in Piwigo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html
Reference: EXPLOIT-DB:24561
Reference: URL:http://www.exploit-db.com/exploits/24561
Reference: MISC:http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html
Reference: MISC:http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php
Reference: MISC:https://www.htbridge.com/advisory/HTB23144
Reference: CONFIRM:http://piwigo.org/bugs/view.php?id=0002843
Reference: CONFIRM:http://piwigo.org/forum/viewtopic.php?id=21470
Reference: CONFIRM:http://piwigo.org/releases/2.4.7

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
From coley at mitre.org Wed Mar 13 19:04:24 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 13 Mar 2013 20:04:24 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/13 20:00 ; count=1
Message-ID: <201303140004.r2E04ObP002282@cairo.mitre.org>

======================================================
Name: CVE-2013-1814
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1814
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: BUGTRAQ:20130312 [CVE-2013-1814] Apache Rave exposes User over API
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
Reference: EXPLOIT-DB:24744
Reference: URL:http://www.exploit-db.com/exploits/24744/

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

From jericho at attrition.org Wed Mar 13 21:11:20 2013
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 13 Mar 2013 21:11:20 -0500 (CDT)
Subject: [VIM] US national vulnerability database hacked (fwd)
Message-ID:

Guess this explains the outage.

---------- Forwarded message ----------
From: Richard Forno

US national vulnerability database hacked
http://www.theregister.co.uk/2013/03/14/us_malware_catalogue_hacked/

By Jack Clark in San Francisco
Posted in Security, 14th March 2013 01:17 GMT

The US government's online catalog of cyber-vulnerabilities has been taken offline - ironically, due to a software vulnerability.

The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two web servers, it emerged on Wednesday.
The Register received an anonymous tip-off about the infection on Wednesday afternoon, which led us to a Google+ post containing information from NIST.

"On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet," Gail Porter of NIST's public inquiries office told a concerned chief security officer in an email, according to the post. "NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability."

There is no evidence that NIST web pages were used to serve malware, Porter wrote, and the organization is "continuing to respond to the incident."

So far, NIST is doing everything by the literal book, as section 4.3.4 of its own Guide to Malware Incident Prevention and Handling (PDF) says that if you do get infected by malware, "containing incidents by placing temporary restrictions on network connectivity can be very effective".

[..]

From noamr at beyondsecurity.com Thu Mar 14 03:37:46 2013
From: noamr at beyondsecurity.com (Noam Rathaus)
Date: Thu, 14 Mar 2013 10:37:46 +0200
Subject: [VIM] "CVENEW" messages to be posted to VIM during NVD outage
In-Reply-To:
References:
Message-ID:

Hi,

Anyone know of an alternative to the NVD db?

Specifically NVD is used by many to obtain the CVSS Score assigned to a CVE, is there somewhere this information can be obtained from?

On Wed, Mar 13, 2013 at 10:45 PM, Jake Kouns <jkouns at opensecurityfoundation.org> wrote:
> It seems like NVD has been having trouble with availability for the
> last several weeks. How many outages have they had and what is the
> total duration at this point?
>
> On Wed, Mar 13, 2013 at 4:35 PM, Christey, Steven M. wrote:
> > As VIM subscribers probably know, the National Vulnerability Database
> > (NVD) is having a temporary outage. At http://nvd.nist.gov/, NIST
> > says "We are working to restore service as quickly as possible."
> >
> > Many people rely on NVD feeds to learn about newly-updated CVEs. The
> > CVE web site does not provide such feeds, since that would duplicate
> > NVD functionality.
> >
> > However, the CVE project sends notification emails for newly-updated
> > CVEs to a limited set of CVE-compatible users, often several times a
> > day. Until NVD service is reliably restored, I will be posting these
> > "CVENEW" messages to the Vulnerability Information Managers (VIM)
> > list. While they do not contain the extra data that NVD provides,
> > such as CVSS and CPE names, hopefully this will help some people to
> > monitor new CVEs.
> >
> > Note that the VIM list is not the place to post general vulnerability
> > announcements; it is specifically designed for maintainers of
> > vulnerability databases and information services.
> >
> > Regards,
> > Steve Christey
> > CVE Editor

--
Thanks,
Noam Rathaus
Beyond Security

From jericho at attrition.org Thu Mar 14 11:34:50 2013
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 14 Mar 2013 11:34:50 -0500 (CDT)
Subject: [VIM] "CVENEW" messages to be posted to VIM during NVD outage
In-Reply-To:
References:
Message-ID:

On Thu, 14 Mar 2013, Noam Rathaus wrote:

: Anyone know of an alternative to the NVD db?
:
: Specifically NVD is used by many to obtain the CVSS Score assigned to a
: CVE, is there somewhere this information can be obtained from?

OSVDB generates CVSS scores for all new entries, and does not rely on NVD for them.
From noamr at beyondsecurity.com Thu Mar 14 11:36:21 2013
From: noamr at beyondsecurity.com (Noam Rathaus)
Date: Thu, 14 Mar 2013 18:36:21 +0200
Subject: [VIM] "CVENEW" messages to be posted to VIM during NVD outage
In-Reply-To:
References:
Message-ID:

Hi,

Thanks for the suggestion, I will give it a try.

On Thu, Mar 14, 2013 at 6:34 PM, security curmudgeon wrote:
>
> On Thu, 14 Mar 2013, Noam Rathaus wrote:
>
> : Anyone know of an alternative to the NVD db?
> :
> : Specifically NVD is used by many to obtain the CVSS Score assigned to a
> : CVE, is there somewhere this information can be obtained from?
>
> OSVDB generates CVSS scores for all new entries, and does not rely on NVD
> for them.

--
Thanks,
Noam Rathaus
Beyond Security

From coley at mitre.org Thu Mar 14 12:53:47 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Thu, 14 Mar 2013 17:53:47 +0000
Subject: [VIM] Linking third-party CVSS scores through CVEs (was: "CVENEW" messages to be posted to VIM during NVD outage)
Message-ID:

People who are considering linking from CVEs to CVSS scores using non-NVD external sources should note two things:

1) The CVSS scores from other sources may be inconsistent with those of NVD, so those who have "standardized" on NVD-based CVSS scores will need to take this into account; when they go back to NVD-based scores, this may cause some sudden changes to trends and statistical analyses. This is unavoidable but something to be aware of (while CVSS strives for consistency, variation still occurs in the real world).

2) CVSS scores might be over-estimated in some cases if a source "counts" vulnerabilities differently than CVE does. Some external sources might combine multiple CVEs into a single record, but have only a single CVSS score for that record (probably the maximum score of the worst vulnerability). If such a source is used, then CVSS scores for a single CVE might be over-estimated.

For example, suppose CVE-1 has a CVSS score of 4.0, and CVE-2 has a CVSS score of 8.0 (ignoring variations in how people do CVSS scoring). If there is a source with a record X that combines CVE-1 and CVE-2, but X only uses the single rollup score of 8.0, then linking from CVE-1 through X could make it appear that CVE-1 has a score of 8.0.

As a result, you should consider the abstraction (counting methodology) that is used by whichever source is adopted. If you want greater precision, then you would want a source whose records rarely map to more than one CVE. This should be fairly easy to spot by seeing how vendor advisories such as Microsoft, Cisco, and Red Hat are represented in the source; these vendors (and many others) typically map to more than one CVE, but might only be captured as a single record.

- Steve

From jericho at attrition.org Thu Mar 14 13:14:04 2013
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 14 Mar 2013 13:14:04 -0500 (CDT)
Subject: [VIM] Linking third-party CVSS scores through CVEs (was: "CVENEW" messages to be posted to VIM during NVD outage)
In-Reply-To:
References:
Message-ID:

On Thu, 14 Mar 2013, Christey, Steven M. wrote:

: People who are considering linking from CVEs to CVSS scores using non-NVD external sources should note two things:
:
: 1) The CVSS scores from other sources may be inconsistent with those of
: NVD, so those who have "standardized" on NVD-based CVSS scores will need
: to take this into account; when they go back to NVD-based scores, this
: may cause some sudden changes to trends and statistical analyses. This
: is unavoidable but something to be aware of (while CVSS strives for
: consistency, variation still occurs in the real world.)

To be very clear though, NVD doesn't have the magical "all our CVSS is correct". There are discrepancies, but when those happen, each organization should evaluate both scores and pick the one they feel most appropriate.
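Steve's two cautions above (score drift against NVD, and rollup scores from records that cover several CVEs) as an added example, not code from the VIM list, NVD, OSVDB or any other source named in the thread; every record, CVE id (CVE-0000-*) and score below is constructed, and the abstraction check follows his suggestion of looking at how many CVEs a single source record maps to.

```python
"""Link CVEs to CVSS scores through a third-party source and flag the two
problems described in the thread: (1) drift relative to NVD-based scores and
(2) over-estimation when a source record rolls several CVEs into one score.
All records, CVE ids and scores here are constructed sample data."""
from collections import defaultdict

# Constructed third-party source. Each record lists the CVEs it covers and
# carries one CVSS score; for multi-CVE records that is the worst CVE's score.
SOURCE_RECORDS = [
    {"id": "X-1001", "cves": ["CVE-0000-0001"], "cvss": 4.0},
    # "Record X" from the mail: covers CVE-1 (4.0) and CVE-2 (8.0) under 8.0
    {"id": "X-1002", "cves": ["CVE-0000-0002", "CVE-0000-0003"], "cvss": 8.0},
    # Vendor-advisory style record: one score for three CVEs
    {"id": "X-1003", "cves": ["CVE-0000-0004", "CVE-0000-0005", "CVE-0000-0006"],
     "cvss": 9.3},
]

# Constructed NVD-based scores a consumer had standardised on before the outage
NVD_SCORES = {"CVE-0000-0001": 4.0, "CVE-0000-0002": 4.3, "CVE-0000-0003": 8.0}


def index_by_cve(records):
    """Map each CVE id to every source record that mentions it."""
    index = defaultdict(list)
    for rec in records:
        for cve in rec["cves"]:
            index[cve].append(rec)
    return dict(index)


def cvss_for_cve(cve, index):
    """Return (score, precise). precise is True only when the score comes from
    a record that maps to this CVE alone; otherwise it is a rollup that may
    over-estimate the CVE (point 2 in the mail). (None, False) if unknown."""
    records = index.get(cve, [])
    if not records:
        return None, False
    exact = [r for r in records if len(r["cves"]) == 1]
    if exact:
        return max(r["cvss"] for r in exact), True
    # Only multi-CVE records cover it: the rollup is an upper bound, not the score
    return max(r["cvss"] for r in records), False


def abstraction_report(records):
    """Characterise the source's counting methodology: the share of records
    mapping to more than one CVE. A high share means per-CVE scores linked
    through this source will often be rollups."""
    total = len(records)
    multi = sum(1 for r in records if len(r["cves"]) > 1)
    return {"records": total, "multi_cve_records": multi,
            "multi_share": round(multi / total, 2) if total else 0.0}


def score_drift(nvd_scores, index):
    """Point 1 in the mail: list CVEs whose score would change when switching
    between NVD-based scores and scores linked through the source, so trend
    analyses can be annotated or corrected when NVD returns."""
    drift = {}
    for cve, nvd in nvd_scores.items():
        src, precise = cvss_for_cve(cve, index)
        if src is not None and src != nvd:
            drift[cve] = {"nvd": nvd, "source": src,
                          "delta": round(src - nvd, 1), "rollup": not precise}
    return drift


if __name__ == "__main__":
    idx = index_by_cve(SOURCE_RECORDS)
    print(abstraction_report(SOURCE_RECORDS))
    for cve in sorted(idx):
        print(cve, cvss_for_cve(cve, idx))
    print(score_drift(NVD_SCORES, idx))
```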
From noamr at beyondsecurity.com Thu Mar 14 13:49:18 2013
From: noamr at beyondsecurity.com (Noam Rathaus)
Date: Thu, 14 Mar 2013 20:49:18 +0200
Subject: [VIM] Linking third-party CVSS scores through CVEs (was: "CVENEW" messages to be posted to VIM during NVD outage)
In-Reply-To:
References:
Message-ID:

Hi,

I am all into having one source for all the CVSS scores for CVEs, but when this one source doesn't have a fall-back plan or a backup site, it kinda makes things difficult to stick with it.

If you have any alternative or method of still matching CVSS and CVEs without going to some other source besides NVD I will be happy to hear about it.

On Thu, Mar 14, 2013 at 7:53 PM, Christey, Steven M. wrote:
> People who are considering linking from CVEs to CVSS scores using non-NVD
> external sources should note two things:
>
> 1) The CVSS scores from other sources may be inconsistent with those of
> NVD, so those who have "standardized" on NVD-based CVSS scores will need to
> take this into account; when they go back to NVD-based scores, this may
> cause some sudden changes to trends and statistical analyses. This is
> unavoidable but something to be aware of (while CVSS strives for
> consistency, variation still occurs in the real world.)
>
> 2) CVSS scores might be over-estimated in some cases if a source "counts"
> vulnerabilities differently than CVE does. Some external sources might
> combine multiple CVEs into a single record, but have only a single CVSS
> score for that record (probably the maximum score of the worst
> vulnerability). If such a source is used, then CVSS scores for a single
> CVE might be over-estimated. For example, suppose CVE-1 has a CVSS score
> of 4.0, and CVE-2 has a CVSS score of 8.0 (ignoring variations in how
> people do CVSS scoring). If there is a source with a record X that
> combines CVE-1 and CVE-2, but X only uses the single rollup score of 8.0,
> then linking from CVE-1 through X could make it appear that CVE-1 has a
> score of 8.0. As a result, you should consider the abstraction (counting
> methodology) that is used by whichever source is adopted. If you want
> greater precision, then you would want a source whose records rarely map to
> more than one CVE. This should be fairly easy to spot by seeing how vendor
> advisories such as Microsoft, Cisco, and Red Hat are represented in the
> source; these vendors (and many others) typically map to more than one CVE,
> but might only be captured as a single record.
>
> - Steve

--
Thanks,
Noam Rathaus
Beyond Security

From coley at mitre.org Thu Mar 14 15:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 14 Mar 2013 16:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/14 16:00 ; count=19
Message-ID: <201303142004.r2EK4PYp019270@cairo.mitre.org>

======================================================
Name: CVE-2012-6138
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6138
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, CVE-2012-6549. Reason: This candidate is a duplicate of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549.
Notes: All CVE users should reference one or more of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

======================================================
Name: CVE-2012-6536
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6536
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720
Reference: CONFIRM:https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
======================================================
Name: CVE-2012-6537
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1f86840f897717f86d523a13e99a447e6a5d2fa5
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b789836f434c87168eab067cfbed1ec4783dffd
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f778a636713a435d3a922c60b1622a91136560c1
Reference: CONFIRM:https://github.com/torvalds/linux/commit/1f86840f897717f86d523a13e99a447e6a5d2fa5
Reference: CONFIRM:https://github.com/torvalds/linux/commit/7b789836f434c87168eab067cfbed1ec4783dffd
Reference: CONFIRM:https://github.com/torvalds/linux/commit/f778a636713a435d3a922c60b1622a91136560c1
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
======================================================
Name: CVE-2012-6538
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6538
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9
Reference: CONFIRM:https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

======================================================
Name: CVE-2012-6539
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=43da5f2e0d0c69ded3d51907d9552310a6b545e8
Reference: CONFIRM:https://github.com/torvalds/linux/commit/43da5f2e0d0c69ded3d51907d9552310a6b545e8
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
======================================================
Name: CVE-2012-6540
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2d8a041b7bfe1097af21441cb77d6af95f4f4680
Reference: CONFIRM:https://github.com/torvalds/linux/commit/2d8a041b7bfe1097af21441cb77d6af95f4f4680
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
======================================================
Name: CVE-2012-6541
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6541
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b07f8eb75aa3097cdfd4f6eac3da49db787381d
Reference: CONFIRM:https://github.com/torvalds/linux/commit/7b07f8eb75aa3097cdfd4f6eac3da49db787381d
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

======================================================
Name: CVE-2012-6542
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3592aaeb80290bda0f2cf0b5456c97bfc638b192
Reference: CONFIRM:https://github.com/torvalds/linux/commit/3592aaeb80290bda0f2cf0b5456c97bfc638b192
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.

======================================================
Name: CVE-2012-6543
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6543
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=04d4fbca1017c11381e7d82acea21dd741e748bc
Reference: CONFIRM:https://github.com/torvalds/linux/commit/04d4fbca1017c11381e7d82acea21dd741e748bc
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
======================================================
Name: CVE-2012-6544
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee
Reference: CONFIRM:https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988
Reference: CONFIRM:https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed
Reference: CONFIRM:https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
======================================================
Name: CVE-2012-6545
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9344a972961d1a6d2c04d9008b13617bcb6ec2ef
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ad2de43f1aee7e7274a4e0d41465489299e344b
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f9432c5ec8b1e9a09b9b0e5569e3c73db8de432a
Reference: CONFIRM:https://github.com/torvalds/linux/commit/9344a972961d1a6d2c04d9008b13617bcb6ec2ef
Reference: CONFIRM:https://github.com/torvalds/linux/commit/9ad2de43f1aee7e7274a4e0d41465489299e344b
Reference: CONFIRM:https://github.com/torvalds/linux/commit/f9432c5ec8b1e9a09b9b0e5569e3c73db8de432a
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
======================================================
Name: CVE-2012-6546
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c0c5cfdcd4d69ffc4b9c0907cec99039f30a50a
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e862f1a9b7df4e8196ebec45ac62295138aa3fc2
Reference: CONFIRM:https://github.com/torvalds/linux/commit/3c0c5cfdcd4d69ffc4b9c0907cec99039f30a50a
Reference: CONFIRM:https://github.com/torvalds/linux/commit/e862f1a9b7df4e8196ebec45ac62295138aa3fc2
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
======================================================
Name: CVE-2012-6547
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a117dacde0288f3ec60b6e5bcedae8fa37ee0dfc
Reference: CONFIRM:https://github.com/torvalds/linux/commit/a117dacde0288f3ec60b6e5bcedae8fa37ee0dfc
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

======================================================
Name: CVE-2012-6548
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6548
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0143fc5e9f6f5aad4764801015bc8d4b4a278200
Reference: CONFIRM:https://github.com/torvalds/linux/commit/0143fc5e9f6f5aad4764801015bc8d4b4a278200
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
======================================================
Name: CVE-2012-6549
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe685aabf7c8c9f138e5ea900954d295bf229175
Reference: CONFIRM:https://github.com/torvalds/linux/commit/fe685aabf7c8c9f138e5ea900954d295bf229175
Reference: CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.

======================================================
Name: CVE-2013-1825
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1825
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2546, CVE-2013-2547, CVE-2013-2548. Reason: This candidate is a duplicate of CVE-2013-2546, CVE-2013-2547, and CVE-2013-2548. Notes: All CVE users should reference one or more of CVE-2013-2546, CVE-2013-2547, and CVE-2013-2548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
======================================================
Name: CVE-2013-2546
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2546
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130308
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
Reference: CONFIRM:https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.

======================================================
Name: CVE-2013-2547
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2547
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130308
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
Reference: CONFIRM:https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
======================================================
Name: CVE-2013-2548
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2548
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130308
Category:
Reference: MLIST:[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/05/13
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
Reference: CONFIRM:https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

From jericho at attrition.org Thu Mar 14 15:38:40 2013
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 14 Mar 2013 15:38:40 -0500 (CDT)
Subject: [VIM] Linking third-party CVSS scores through CVEs (was: "CVENEW" messages to be posted to VIM during NVD outage)
In-Reply-To:
References:
Message-ID:

On Thu, 14 Mar 2013, Noam Rathaus wrote:

: I am all into having one source for all the CVSS scores for CVEs, but
: when this one source doesn't have a fall-back plan or a backup site, it
: kinda makes things difficult to stick around to it.
:
: If you have any alternative or method of still matching CVSS and CVEs
: without going to some other source beside NVD I will be happy to hear
: about it.

Also note, that at *present*, 90% of OSVDB's CVSS scores do come from NVD, via our initial import. Just that recently, we've been doing our own because NVD's coverage of vulnerabilities is way too shallow, and the lag between vuln announcement and CVSS creation too great.
From coley at mitre.org Thu Mar 14 17:04:32 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 14 Mar 2013 18:04:32 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/14 18:00 ; count=1
Message-ID: <201303142204.r2EM4Wda027404@cairo.mitre.org>

======================================================
Name: CVE-2013-2566
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130314
Category:
Reference: MISC:http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
Reference: MISC:http://cr.yp.to/talks/2013.03.12/slides.pdf
Reference: MISC:http://www.isg.rhul.ac.uk/tls/

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

From coley at mitre.org Thu Mar 14 20:04:26 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 14 Mar 2013 21:04:26 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/14 21:00 ; count=11
Message-ID: <201303150104.r2F14QZP029485@cairo.mitre.org>

======================================================
Name: CVE-2013-0248
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0248
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: BUGTRAQ:20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html
Reference: OSVDB:90906
Reference: URL:http://www.osvdb.org/90906

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
======================================================
Name: CVE-2013-0960
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0960
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.

======================================================
Name: CVE-2013-0961
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0961
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

======================================================
Name: CVE-2013-0966
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
======================================================
Name: CVE-2013-0967
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0967
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.

======================================================
Name: CVE-2013-0969
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.

======================================================
Name: CVE-2013-0970
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0970
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.
======================================================
Name: CVE-2013-0971
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.

======================================================
Name: CVE-2013-0973
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0973
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

======================================================
Name: CVE-2013-0976
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0976
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: APPLE:APPLE-SA-2013-03-14-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.
======================================================
Name: CVE-2013-2560
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2560
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130313
Category:
Reference: BUGTRAQ:20130313 Re: [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.

From coley at mitre.org Fri Mar 15 09:04:23 2013
From: coley at mitre.org (coley at mitre.org)
Date: Fri, 15 Mar 2013 10:04:23 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/15 10:00 ; count=4
Message-ID: <201303151404.r2FE4NpI012486@cairo.mitre.org>

======================================================
Name: CVE-2013-2371
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2371
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130304
Category:
Reference: CONFIRM:http://www.tibco.com/mk/advisory.jsp
Reference: CONFIRM:http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt
Reference: CONFIRM:http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
======================================================
Name: CVE-2013-2372
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2372
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130304
Category:
Reference: CONFIRM:http://www.tibco.com/mk/advisory.jsp
Reference: CONFIRM:http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt
Reference: CONFIRM:http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

======================================================
Name: CVE-2013-2373
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2373
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130304
Category:
Reference: CONFIRM:http://www.tibco.com/mk/advisory.jsp
Reference: CONFIRM:http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt
Reference: CONFIRM:http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
======================================================
Name: CVE-2013-2492
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130306
Category:
Reference: MISC:https://gist.github.com/zeroSteiner/85daef257831d904479c
Reference: MISC:https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb
Reference: CONFIRM:http://tracker.firebirdsql.org/browse/CORE-4058

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

From coley at mitre.org Mon Mar 18 10:04:23 2013
From: coley at mitre.org (coley at mitre.org)
Date: Mon, 18 Mar 2013 11:04:23 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/18 11:00 ; count=2
Message-ID: <201303181504.r2IF4Nn5028881@cairo.mitre.org>

======================================================
Name: CVE-2013-0913
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: MLIST:[linux-kernel] 20130311 [PATCH] drm/i915: bounds check execbuffer relocations
Reference: URL:https://lkml.org/lkml/2013/3/11/501
Reference: MLIST:[oss-security] 20130311 CVE-2013-0913 Linux kernel i915 integer overflow
Reference: URL:http://openwall.com/lists/oss-security/2013/03/11/6
Reference: MLIST:[oss-security] 20130313 Re: CVE-2013-0913 Linux kernel i915 integer overflow
Reference: URL:http://openwall.com/lists/oss-security/2013/03/13/9
Reference: MLIST:[oss-security] 20130314 Re: CVE-2013-0913 Linux kernel i915 integer overflow
Reference: URL:http://openwall.com/lists/oss-security/2013/03/14/22
Reference: CONFIRM:http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git;a=commit;h=c79efdf2b7f68f985922a8272d64269ecd490477
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html
Reference: CONFIRM:https://code.google.com/p/chromium-os/issues/detail?id=39733
Reference: CONFIRM:https://gerrit.chromium.org/gerrit/45118

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

======================================================
Name: CVE-2013-0915
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0915
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html
Reference: CONFIRM:https://code.google.com/p/chromium/issues/detail?id=181083

The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow."
From coley at mitre.org Mon Mar 18 16:04:23 2013
From: coley at mitre.org (coley at mitre.org)
Date: Mon, 18 Mar 2013 17:04:23 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/18 17:00 ; count=1
Message-ID: <201303182104.r2IL4Nwt002240@cairo.mitre.org>

======================================================
Name: CVE-2013-1495
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1495
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130130
Category:
Reference: FULLDISC:20130301 Oracle Auto Service Request /tmp file clobbering vulnerability
Reference: URL:http://seclists.org/fulldisclosure/2013/Feb/159

asr in Oracle Auto Service Request allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

From coley at mitre.org Tue Mar 19 09:04:29 2013
From: coley at mitre.org (coley at mitre.org)
Date: Tue, 19 Mar 2013 10:04:29 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/19 10:00 ; count=14
Message-ID: <201303191404.r2JE4TnC024616@cairo.mitre.org>

======================================================
Name: CVE-2013-0205
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0205
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130121 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/21/5
Reference: MISC:https://drupal.org/node/1890222
Reference: CONFIRM:https://drupal.org/node/1890212
Reference: CONFIRM:https://drupal.org/node/1890216

Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
======================================================
Name: CVE-2013-0206
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0206
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130121 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/21/5
Reference: MISC:https://drupal.org/node/1890318
Reference: CONFIRM:http://drupal.org/node/1883976
Reference: CONFIRM:http://drupal.org/node/1883978
Reference: CONFIRM:http://drupalcode.org/project/live_css.git/commitdiff/cb7005f
Reference: CONFIRM:http://drupalcode.org/project/live_css.git/commitdiff/ef323c8

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

======================================================
Name: CVE-2013-0207
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0207
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130121 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/21/5
Reference: MISC:https://drupal.org/node/1890538
Reference: CONFIRM:http://drupalcode.org/project/mark_complete.git/commitdiff/a18c7b2
Reference: CONFIRM:https://drupal.org/node/1890566

Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
======================================================
Name: CVE-2013-0224
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0224
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130124 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/25/4
Reference: MISC:https://drupal.org/node/1896714
Reference: CONFIRM:https://drupal.org/node/1895234

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

======================================================
Name: CVE-2013-0225
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0225
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130124 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/25/4
Reference: MISC:https://drupal.org/node/1896720
Reference: CONFIRM:http://drupalcode.org/project/user_relationships.git/commitdiff/17e94b9
Reference: CONFIRM:http://drupalcode.org/project/user_relationships.git/commitdiff/b9a4739
Reference: CONFIRM:https://drupal.org/node/1896272
Reference: CONFIRM:https://drupal.org/node/1896276

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name.
======================================================
Name: CVE-2013-0226
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0226
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130124 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/25/4
Reference: MISC:https://drupal.org/node/1896752
Reference: CONFIRM:https://drupal.org/node/1896752

The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors.

======================================================
Name: CVE-2013-0227
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0227
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130124 Re: CVE request for Drupal contributed modules
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/25/4
Reference: MISC:https://drupal.org/node/1896782
Reference: CONFIRM:http://drupalcode.org/project/search_api_sorts.git/commitdiff/f6cbf47
Reference: CONFIRM:https://drupal.org/node/1896756

Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.
======================================================
Name: CVE-2013-0251
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0251
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130203 Re: CVE id request: latd
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/04/3
Reference: MLIST:[oss-security] 20130205 Re: CVE id request: latd
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/05/2
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699625

Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.

======================================================
Name: CVE-2013-0327
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0327
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/7
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914875
Reference: CONFIRM:http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
Reference: CONFIRM:https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Reference: REDHAT:RHSA-2013:0638
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0638.html

Cross-site request forgery (CSRF) vulnerability in Jenkins master in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.
======================================================
Name: CVE-2013-0328
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0328
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/7
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914876
Reference: CONFIRM:http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
Reference: CONFIRM:https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Reference: REDHAT:RHSA-2013:0638
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0638.html
Reference: BID:57994
Reference: URL:http://www.securityfocus.com/bid/57994

Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
======================================================
Name: CVE-2013-0329
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0329
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/7
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914877
Reference: CONFIRM:http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
Reference: CONFIRM:https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Reference: REDHAT:RHSA-2013:0638
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0638.html

Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors.

======================================================
Name: CVE-2013-0330
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0330
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/7
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914878
Reference: CONFIRM:http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
Reference: CONFIRM:https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Reference: REDHAT:RHSA-2013:0638
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0638.html
Reference: BID:57994
Reference: URL:http://www.securityfocus.com/bid/57994

Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.

======================================================
Name: CVE-2013-0331
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0331
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/7
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914879
Reference: CONFIRM:http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
Reference: CONFIRM:https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Reference: REDHAT:RHSA-2013:0638
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0638.html
Reference: BID:57994
Reference: URL:http://www.securityfocus.com/bid/57994

CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.

======================================================
Name: CVE-2013-2263
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2263
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130220
Category:
Reference: CONFIRM:http://support.citrix.com/article/CTX136623
Reference: OSVDB:90905
Reference: URL:http://osvdb.org/90905
Reference: SECTRACK:1028255
Reference: URL:http://www.securitytracker.com/id/1028255
Reference: SECUNIA:52479
Reference: URL:http://secunia.com/advisories/52479
Reference: XF:citrix-gateway-unspec-security-bypass(82591)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82591

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.
From coley at mitre.org Tue Mar 19 12:04:29 2013
From: coley at mitre.org (coley at mitre.org)
Date: Tue, 19 Mar 2013 13:04:29 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/19 13:00 ; count=1
Message-ID: <201303191704.r2JH4Taa025834@cairo.mitre.org>

======================================================
Name: CVE-2013-1863
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: CONFIRM:http://www.samba.org/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patch
Reference: CONFIRM:http://www.samba.org/samba/security/CVE-2013-1863

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.

From coley at mitre.org Tue Mar 19 13:04:28 2013
From: coley at mitre.org (coley at mitre.org)
Date: Tue, 19 Mar 2013 14:04:28 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/19 14:00 ; count=5
Message-ID: <201303191804.r2JI4SgA026763@cairo.mitre.org>

======================================================
Name: CVE-2012-4223
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4223
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20120808
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none.

======================================================
Name: CVE-2012-4224
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4224
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20120808
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none.

======================================================
Name: CVE-2013-0505
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0505
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121216
Category:
Reference: CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21631302
Reference: AIXAPAR:ID358571
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571
Reference: XF:sterling-om-xpath-injection(82339)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82339

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

======================================================
Name: CVE-2013-0506
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0506
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121216
Category:
Reference: CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21631302
Reference: AIXAPAR:IC90858
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IC90858
Reference: XF:sterling-om-address-xss(82341)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82341

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
======================================================
Name: CVE-2013-0717
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0717
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: CONFIRM:http://jpn.nec.com/security-info/secinfo/nv13-005.html
Reference: CONFIRM:http://jvn.jp/en/jp/JVN59503133/6443/index.html
Reference: JVN:JVN#59503133
Reference: URL:http://jvn.jp/en/jp/JVN59503133/index.html
Reference: JVNDB:JVNDB-2013-000024
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000024

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

From coley at mitre.org Tue Mar 19 17:04:36 2013
From: coley at mitre.org (coley at mitre.org)
Date: Tue, 19 Mar 2013 18:04:36 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/19 18:00 ; count=4
Message-ID: <201303192204.r2JM4aO0005362@cairo.mitre.org>

======================================================
Name: CVE-2013-1854
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record
Reference: URL:https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
======================================================
Name: CVE-2013-1855
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[rubyonrails-security] 20130318 [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack
Reference: URL:https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

======================================================
Name: CVE-2013-1856
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[rubyonrails-security] 20130318 [CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users
Reference: URL:https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.
======================================================
Name: CVE-2013-1857
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[rubyonrails-security] 20130318 [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails
Reference: URL:https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

From coley at mitre.org Wed Mar 20 08:58:39 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Wed, 20 Mar 2013 13:58:39 +0000
Subject: [VIM] CVE-2013-0332 / CVE-2013-0232 (Zoneminder) mapping errors
Message-ID:

Apparently some sources, including Exploit-DB and OSVDB, are using incorrect CVEs for Zoneminder issues.

Whether this was a typo somewhere I don't know.

http://www.openwall.com/lists/oss-security/2013/02/21/8 links CVE-2013-0332 with an LFI/directory-traversal issue

http://www.openwall.com/lists/oss-security/2013/01/28/2 links CVE-2013-0232 with code execution involving packageControl() and exec().

EXPLOIT-DB: 24310 and OSVDB: 89529 are both for packageControl() and map to -0332, but this should be -0232.

CVE-2013-0332 and CVE-2013-0232 will be public in about an hour.

- Steve

From coley at mitre.org Wed Mar 20 09:04:28 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 20 Mar 2013 10:04:28 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/20 10:00 ; count=6
Message-ID: <201303201404.r2KE4SFW020533@cairo.mitre.org>

======================================================
Name: CVE-2012-5938
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5938
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121121
Category:
Reference: CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21628844
Reference: XF:infosphere-file-priv-esc(80493)
Reference: URL:http://xforce.iss.net/xforce/xfdb/80493

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

======================================================
Name: CVE-2013-0977
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: CONFIRM:http://support.apple.com/kb/HT5702
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Reference: APPLE:APPLE-SA-2013-03-19-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.
======================================================
Name: CVE-2013-0978
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: CONFIRM:http://support.apple.com/kb/HT5702
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Reference: APPLE:APPLE-SA-2013-03-19-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

======================================================
Name: CVE-2013-0979
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
======================================================
Name: CVE-2013-0980
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0980
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

======================================================
Name: CVE-2013-0981
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130110
Category:
Reference: CONFIRM:http://support.apple.com/kb/HT5702
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Reference: APPLE:APPLE-SA-2013-03-19-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.
From coley at mitre.org Wed Mar 20 10:04:28 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 20 Mar 2013 11:04:28 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/20 11:00 ; count=5
Message-ID: <201303201504.r2KF4SVh020946@cairo.mitre.org>

======================================================
Name: CVE-2013-0232
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: EXPLOIT-DB:24310
Reference: URL:http://www.exploit-db.com/exploits/24310
Reference: MLIST:[oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/28/2
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910
Reference: MISC:http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/
Reference: MISC:http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
Reference: DEBIAN:DSA-2640
Reference: URL:http://www.debian.org/security/2013/dsa-2640
Reference: OSVDB:89529
Reference: URL:http://www.osvdb.org/89529

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.
======================================================
Name: CVE-2013-0332
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0332
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130220 Re: CVE request: zoneminder: local file inclusion vulnerability
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/8
Reference: MLIST:[oss-security] 20130221 Re: CVE request: zoneminder: local file inclusion vulnerability
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/9
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912
Reference: CONFIRM:http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979
Reference: CONFIRM:http://www.zoneminder.com/wiki/index.php/Change_History
Reference: DEBIAN:DSA-2640
Reference: URL:http://www.debian.org/security/2013/dsa-2640

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.

======================================================
Name: CVE-2013-1766
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: DEBIAN:DSA-2650
Reference: URL:http://www.debian.org/security/2013/dsa-2650
Reference: BID:58178
Reference: URL:http://www.securityfocus.com/bid/58178
Reference: SECUNIA:52628
Reference: URL:http://secunia.com/advisories/52628

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
======================================================
Name: CVE-2013-1842
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1842
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/12/3
Reference: CONFIRM:http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
Reference: DEBIAN:DSA-2646
Reference: URL:http://www.debian.org/security/2013/dsa-2646
Reference: BID:58330
Reference: URL:http://www.securityfocus.com/bid/58330
Reference: OSVDB:90925
Reference: URL:http://osvdb.org/90925
Reference: SECUNIA:52433
Reference: URL:http://secunia.com/advisories/52433
Reference: SECUNIA:52638
Reference: URL:http://secunia.com/advisories/52638

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
======================================================
Name: CVE-2013-1843
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1843
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/12/3
Reference: CONFIRM:http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
Reference: DEBIAN:DSA-2646
Reference: URL:http://www.debian.org/security/2013/dsa-2646
Reference: BID:58330
Reference: URL:http://www.securityfocus.com/bid/58330
Reference: OSVDB:90924
Reference: URL:http://www.osvdb.org/90924
Reference: SECUNIA:52433
Reference: URL:http://secunia.com/advisories/52433
Reference: SECUNIA:52638
Reference: URL:http://secunia.com/advisories/52638

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
From coley at mitre.org Wed Mar 20 11:04:28 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 20 Mar 2013 12:04:28 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/20 12:00 ; count=7
Message-ID: <201303201604.r2KG4SUS021359@cairo.mitre.org>

======================================================
Name: CVE-2013-1640
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130210
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-1640/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: UBUNTU:USN-1759-1
Reference: URL:http://ubuntu.com/usn/usn-1759-1
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
======================================================
Name: CVE-2013-1652
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130211
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-1652/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: UBUNTU:USN-1759-1
Reference: URL:http://ubuntu.com/usn/usn-1759-1
Reference: BID:58443
Reference: URL:http://www.securityfocus.com/bid/58443
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

======================================================
Name: CVE-2013-1653
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130211
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-1653/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: UBUNTU:USN-1759-1
Reference: URL:http://ubuntu.com/usn/usn-1759-1
Reference: BID:58446
Reference: URL:http://www.securityfocus.com/bid/58446
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
======================================================
Name: CVE-2013-1654
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130211
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-1654/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: UBUNTU:USN-1759-1
Reference: URL:http://ubuntu.com/usn/usn-1759-1
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

======================================================
Name: CVE-2013-1655
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130211
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-1655/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: UBUNTU:USN-1759-1
Reference: URL:http://ubuntu.com/usn/usn-1759-1
Reference: BID:58442
Reference: URL:http://www.securityfocus.com/bid/58442
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
======================================================
Name: CVE-2013-2274
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130226
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-2274/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: BID:58447
Reference: URL:http://www.securityfocus.com/bid/58447
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

======================================================
Name: CVE-2013-2275
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130226
Category:
Reference: CONFIRM:https://puppetlabs.com/security/cve/cve-2013-2275/
Reference: DEBIAN:DSA-2643
Reference: URL:http://www.debian.org/security/2013/dsa-2643
Reference: UBUNTU:USN-1759-1
Reference: URL:http://ubuntu.com/usn/usn-1759-1
Reference: BID:58449
Reference: URL:http://www.securityfocus.com/bid/58449
Reference: SECUNIA:52596
Reference: URL:http://secunia.com/advisories/52596

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

From coley at mitre.org Wed Mar 20 12:00:08 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Wed, 20 Mar 2013 17:00:08 +0000
Subject: [VIM] "context-dependent" and "user-assisted" terminology in CVE
Message-ID:

Prompted by a Twitter conversation with Jericho a little while ago, here is how CVE uses certain terms in our descriptions. We try to be consistent in this usage, although there can be exceptions. It would be nice to get some alignment with OSVDB, especially because OSVDB seems to use "context-dependent" in a different way than CVE.

- Steve

Context-dependent
-------------------------

This term is used when the attack could be local or remote, depending on the context in which the vulnerable code is used. This is typically used for language interpreters and libraries, where the attack vector is entirely dependent on the logic of the application that is using the interpreter or library.

My initial VIM post: http://www.attrition.org/pipermail/vim/2006-February/000538.html

CVE examples: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=context-dependent

User-assisted
-----------------

This term is used when the attack requires a victim to INTERACTIVELY allow the attack to happen, *and* this interaction is not part of common usage; or, when the attacker has to passively wait for the victim to perform some action that is not usual. Typically involves some direct social engineering.

Example: having to trick a user into clicking and dragging an icon to a particular location, or to ignore a warning of dangerous behavior, is user-assisted; but tricking a user into clicking a malicious link is NOT user-assisted, since clicking on links is a fundamental activity for surfing the web.

My initial VIM post: http://www.attrition.org/pipermail/vim/2006-August/000968.html

CVE examples: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=user-assisted

Physically Proximate
-------------------------

Person must have physical access to the device or environment in order to exploit the vulnerability.

Examples: touching a workstation keyboard or USB device; "shoulder surfing" to see a workstation's display; touching the screen of a mobile device; plugging into a serial port.

Note: physical contact must be required; thus Near Field Communications, WiFi, etc. are called "remote" within CVE.

CVE examples: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=physically+proximate

From jericho at attrition.org Wed Mar 20 12:34:15 2013
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 20 Mar 2013 12:34:15 -0500 (CDT)
Subject: [VIM] CVE-2013-0332 / CVE-2013-0232 (Zoneminder) mapping errors
In-Reply-To:
References:
Message-ID:

On Wed, 20 Mar 2013, Christey, Steven M. wrote:

: Apparently some sources, including Exploit-DB and OSVDB, are using
: incorrect CVEs for Zoneminder issues.
:
: Whether this was a typo somewhere I don't know.

We got the CVE from EDB, which appeared to typo it. Since CVE was not open, we could not verify the assignment ourselves.

This was two months ago, and the CVEs are just now open today =)

From coley at mitre.org Wed Mar 20 13:04:29 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 20 Mar 2013 14:04:29 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/20 14:00 ; count=10
Message-ID: <201303201804.r2KI4TGS022623@cairo.mitre.org>

======================================================
Name: CVE-2013-0711
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0711
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: MISC:http://jvn.jp/en/jp/JVN45545972/995359/index.html
Reference: JVN:JVN#45545972
Reference: URL:http://jvn.jp/en/jp/JVN45545972/index.html
Reference: JVNDB:JVNDB-2013-000018
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000018

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.
======================================================
Name: CVE-2013-0712
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0712
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: MISC:http://jvn.jp/en/jp/JVN01611135/995359/index.html
Reference: JVN:JVN#01611135
Reference: URL:http://jvn.jp/en/jp/JVN01611135/index.html
Reference: JVNDB:JVNDB-2013-000019
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000019

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.

======================================================
Name: CVE-2013-0713
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0713
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: MISC:http://jvn.jp/en/jp/JVN52492830/995359/index.html
Reference: JVN:JVN#52492830
Reference: URL:http://jvn.jp/en/jp/JVN52492830/index.html
Reference: JVNDB:JVNDB-2013-000020
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000020

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

======================================================
Name: CVE-2013-0714
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0714
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: MISC:http://jvn.jp/en/jp/JVN20671901/995359/index.html
Reference: JVN:JVN#20671901
Reference: URL:http://jvn.jp/en/jp/JVN20671901/index.html
Reference: JVNDB:JVNDB-2013-000021
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000021

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

======================================================
Name: CVE-2013-0715
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0715
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: MISC:http://jvn.jp/en/jp/JVN65923092/995359/index.html
Reference: JVN:JVN#65923092
Reference: URL:http://jvn.jp/en/jp/JVN65923092/index.html
Reference: JVNDB:JVNDB-2013-000022
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000022

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

======================================================
Name: CVE-2013-0716
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0716
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121228
Category:
Reference: MISC:http://jvn.jp/en/jp/JVN41022517/995359/index.html
Reference: JVN:JVN#41022517
Reference: URL:http://jvn.jp/en/jp/JVN41022517/index.html
Reference: JVNDB:JVNDB-2013-000023
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000023

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

======================================================
Name: CVE-2013-1750
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1750
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130215
Category:
Reference: CONFIRM:http://service.real.com/realplayer/security/03152013_player/en/

Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.

======================================================
Name: CVE-2013-1876
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1876
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2615. Reason: This candidate is a duplicate of CVE-2013-2615. Notes: All CVE users should reference CVE-2013-2615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

======================================================
Name: CVE-2013-1877
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1877
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2616. Reason: This candidate is a duplicate of CVE-2013-2616. Notes: All CVE users should reference CVE-2013-2616 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

======================================================
Name: CVE-2013-1878
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1878
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2617. Reason: This candidate is a duplicate of CVE-2013-2617.
Notes: All CVE users should reference CVE-2013-2617 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

From brian at opensecurityfoundation.org Wed Mar 20 13:31:12 2013
From: brian at opensecurityfoundation.org (Brian Martin)
Date: Wed, 20 Mar 2013 13:31:12 -0500 (CDT)
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
Message-ID:

OSVDB currently has 757 vulnerabilities for Jan 2013. Of these, 267 do not have CVE identifiers.

For your convenience, you can use the following URL to quickly list them, along with the OSVDB ID. Please feel free to use our references and don't hesitate to ask questions!

http://direct.osvdb.org/search/search?search%5Bvuln_title%5D=&search%5Btext_type%5D=titles&search%5Bs_date%5D=2012-12-31&search%5Be_date%5D=2013-02-01&search%5Brefid%5D=&search%5Breferencetypes%5D=%21CVEID&search%5Bvendors%5D=&search%5Bcvss_score_from%5D=&search%5Bcvss_score_to%5D=&search%5Bcvss_av%5D=*&search%5Bcvss_ac%5D=*&search%5Bcvss_a%5D=*&search%5Bcvss_ci%5D=*&search%5Bcvss_ii%5D=*&search%5Bcvss_ai%5D=*&kthx=search

or

http://preview.tinyurl.com/2013-01-missing-cve

Thanks!

Brian
OSVDB.org

From kseifried at redhat.com Wed Mar 20 13:54:23 2013
From: kseifried at redhat.com (Kurt Seifried)
Date: Wed, 20 Mar 2013 12:54:23 -0600
Subject: [VIM] CVE-2013-0332 / CVE-2013-0232 (Zoneminder) mapping errors
In-Reply-To:
References:
Message-ID: <514A05DF.4000204@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 11:34 AM, security curmudgeon wrote:
>
> On Wed, 20 Mar 2013, Christey, Steven M. wrote:
>
> : Apparently some sources, including Exploit-DB and OSVDB, are using
> : incorrect CVEs for Zoneminder issues.
> :
> : Whether this was a typo somewhere I don't know.
>
> We got the CVE from EDB, which appeared to typo it. Since CVE was
> not open, we could not verify the assignment ourselves.
> This was two months ago, and the CVEs are just now open today =)

Steven: it might be worth revisiting the "URL only" CVEs I had suggested some time ago, e.g. put up CVE entries with just a CVE/URL(s) (e.g. the oss-sec posting and any relevant URLs mentioned, like the source code fix/advisory/etc.). This would prevent this kind of error and give people something to at least confirm the CVE/etc. exists and is correct.

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993
A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRSgXfAAoJEBYNRVNeJnmT5kIP/jAaeXK2e8w2WbEug0H0O34k
JGeEAxvPOsGeLIUjo8j/7U5q1m68ZX3zF826zyYHsS2AFaYqf3F8NA9mpz0ec+Ae
h9uddMCtAO+ha79+lMdrPd73QFTO2u+h8jQQodF2YEy/p91l5hJLaVpEOOL40mgt
eU1mP+DjE6XKKq/cSI4lYtkMBUoew6SBjTa+/clFyShXIUlJ3Q0ZTonG8CkfZOss
UWdNvh05RED0gi9ZGXVOGF5IPnMJeXBWWQeLtJuoIDTsvn2THLX1MSIia3DJ1Tnp
+lPHAUhgwBv5C5QhKa3z1y9ymwbobcJh15QM/FgjAVbqVU6IusjRALzolhoTSNvm
CFaMzGuupscwl5dzoe31iDfdCvOTt9LeN2KgctKTxaf87D1UM2i4ncSeRhUow+IN
n5fUlwBFyxKnP7MozoJDURwvDapOxm5Q1/NxH9kjRRbNQ4p8oVwlNdcocFHMH2Xg
cRLd945tmR6D7xlSRKqKV6oCSGR+Jk/9pS3IpZ2tLHyW4lcoZ7PD3K4A/RFQCKk9
I9LTZRRbNN9SHsbMNDoYh4g1WawO0bTcc+Is9JgFz4azD21kToq+ZtLKDA3qTU5e
kGaNNjEdyaFMYDFxXVFv7j6Vc2KITvgNmUiPPNmAFGwZsTA9qa3r6AVIF8f2KfLw
jKhanJJAdhiIg/RHy3RH
=swtX
-----END PGP SIGNATURE-----

From kseifried at redhat.com Wed Mar 20 14:03:13 2013
From: kseifried at redhat.com (Kurt Seifried)
Date: Wed, 20 Mar 2013 13:03:13 -0600
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
In-Reply-To:
References:
Message-ID: <514A07F1.3020404@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 12:31 PM, Brian Martin wrote:
>
> OSVDB currently has 757 vulnerabilities for Jan 2013. Of these, 267
> do not have CVE identifiers.
>
> For your convenience, you can use the following URL to quickly
> list them, along with the OSVDB ID.
> Please feel free to use our references and don't hesitate to ask questions!
>
> http://direct.osvdb.org/search/search?search%5Bvuln_title%5D=&search%5Btext_type%5D=titles&search%5Bs_date%5D=2012-12-31&search%5Be_date%5D=2013-02-01&search%5Brefid%5D=&search%5Breferencetypes%5D=%21CVEID&search%5Bvendors%5D=&search%5Bcvss_score_from%5D=&search%5Bcvss_score_to%5D=&search%5Bcvss_av%5D=*&search%5Bcvss_ac%5D=*&search%5Bcvss_a%5D=*&search%5Bcvss_ci%5D=*&search%5Bcvss_ii%5D=*&search%5Bcvss_ai%5D=*&kthx=search
>
> or
>
> http://preview.tinyurl.com/2013-01-missing-cve
>
> Thanks!
>
> Brian
> OSVDB.org

Apologies if the following questions have been asked/answered before, I've only been on the VIM list for a few days now. I appreciate what OSVDB does, it's a thankless task and a ton of work. However I have some concerns:

How have you confirmed that no CVE is assigned? E.g. a quick look and I see at least one for which I assigned CVEs publicly:

http://direct.osvdb.org/show/osvdb/89328
Piwik Multiple Unspecified XSS
http://piwik.org/blog/2013/01/piwik-1-10/

I assigned the CVEs here:
http://www.openwall.com/lists/oss-security/2013/01/17/15

based on the same URL as you (http://piwik.org/blog/2013/01/piwik-1-10/). So I can't simply use this list to assign CVEs for the Open Source stuff since it is incorrect (e.g. stuff for which you say no CVE is assigned does have CVEs assigned). I also don't have the time to confirm a CVE was not assigned through some other method (e.g. via Mitre/etc.).

Also for the vendor stuff like Apple/Adobe/Google where that vendor is a CNA, have you reached out to them to confirm no CVE is assigned and/or get a CVE assigned as needed?

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993
A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRSgfxAAoJEBYNRVNeJnmTKEsQAL0gnHzagD3GBNNmi5IuZ0+c
DhNpVxChOZYrUQrsYw/yXIPm4L+0lxLTJYrGw6U3328mkvsRbruJd7tdS73cx7Vw
y4kfhghSaLaP+ro22TxgF/0k6wlBiesmJCmLxP3LCjzocYZaC5Py6R1xu4Yyc5oT
cG4HX+Bnc9SSThGDhZMb7h5mMEJX2mkZ/d84CcGw7kpSFqb5XS92A/wwkyphbth5
Oe8Gmqk4QN8iwS9D27vkd2BvIZIi1+2KlKg4t3QY3OsRQO3arlITTsEQ2ii+59up
5/7GFPACFCm5Orw2v1mRSfm9suHklulQC3Z7pxblQKvlGhLxXii1JoC1ooFDkVnv
3j1QGnw10NSRHYrFO5krRAGqyiEZcXG687a9tSwLoUnfmFA6SW/p3+6NAEjwAG1X
I/j/X8ADzfG6uCPDmlBvSLOYuEkzNK4eNjH8EOMXyi0CSpg/WRZ5nI8f4ESLRJxK
72ISLGMcwbJEGcnTIN5jt//AVWMm0uPhNNj24zjvx0LKboTzQZ1EyNetuap2oaId
9A+D6u08u43aZhI2TvAkcguB8wt0y3PFiUN9JcSB04DMzxQYan1wdvRNwZ1gPvEv
vUDs99+c5ALXdVvhCmyDrD0d6LuWM5wnVpubUJHU6f2CVwQlEq3Kdr9AJpnBi63h
vluicggksk2YRQqRz8u0
=LMZ5
-----END PGP SIGNATURE-----

From brian at opensecurityfoundation.org Wed Mar 20 15:11:47 2013
From: brian at opensecurityfoundation.org (Brian Martin)
Date: Wed, 20 Mar 2013 15:11:47 -0500 (CDT)
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
In-Reply-To: <514A07F1.3020404@redhat.com>
References: <514A07F1.3020404@redhat.com>
Message-ID:

On Wed, 20 Mar 2013, Kurt Seifried wrote:

: > http://preview.tinyurl.com/2013-01-missing-cve

: How have you confirmed that no CVE is assigned? E.g. a quick look and I
: see at least one for which I assigned CVEs publicly:

The current system makes that time-consuming and 'cost' prohibitive to us. There are too many CNAs operating, and the current system is not designed to allow a CNA-assigned ID to appear in a central location (e.g. cve.mitre.org) to verify. As you mentioned in your previous mail to VIM, if a system was in place so we could see the assignment, even if the CVE has not been completed (e.g. the text, x-refs to the usual VDBs), that would be extremely helpful.
Having to wait months to see the actual CVE is problematic.

: http://direct.osvdb.org/show/osvdb/89328
: Piwik Multiple Unspecified XSS
: http://piwik.org/blog/2013/01/piwik-1-10/
:
: I assigned the CVEs here:
: http://www.openwall.com/lists/oss-security/2013/01/17/15
:
: based on the same URL as you
: (http://piwik.org/blog/2013/01/piwik-1-10/). So I can't simply use
: this list to assign CVEs for the Open Source stuff since it is
: incorrect (e.g. stuff for which you say no CVE is assigned does have

The list isn't "incorrect", we simply missed one (likely a few) CVE assignments, again because of the varied places they can pop up for initial disclosure. While we follow OSS-Sec almost daily, sometimes the delays in assigning via that list (e.g. when there is discussion leading up to the assignment) are substantial as well.

: CVEs assigned). I also don't have the time to confirm a CVE was not
: assigned through some other method (e.g. via Mitre/etc.).

Neither do we. We already spend a *lot* of time trying to get timely CVE information added to our entries. So I asked CVE to deal with these assignments, not you, or OSS-Sec, or any other CNA.

: Also for the vendor stuff like Apple/Adobe/Google where that vendor is a
: CNA, have you reached out to them to confirm no CVE is assigned and/or
: get a CVE assigned as needed?

Honestly, no, and it shouldn't be our job to do that. If a CNA is releasing security fix information themselves, and not assigning a CVE promptly, AND including it in the public source we got the information from, then their CNA status should be revoked. They completely miss the point of CVE. If Google is a CNA, and there is a security-related Chrome/WebKit issue in their tracker, then a CVE should be included with it as soon as it is identified as security-related. If that is too much to ask, they don't need to be a CNA, when other CNAs (e.g. you) are incredibly responsive and very quick to assign.

Using your example above, if a WebKit issue is deemed security related, who exactly would issue the CVE in that case, if both Apple and Google are CNAs? They both contribute to the project. I don't know about you, but I would rather not hold my breath while those two organizations bang their heads together for a few days or weeks trying to figure out who gets to assign. Google is already doing a MISERABLE job in making their vulnerabilities clear. In the last 30 days, Carsten Eiram has found an incredible number of "Chrome" vulnerabilities that are really WebKit, and potentially affect more browsers than just Chrome.

I understand that CVE is strained under the pressure of assignments lately, and the last year of board meetings has made it clear that they simply can't keep up. Knowing that, I think CVE should focus on streamlining the process to assist the community, rather than keep doing the same thing. Just like CVSS is on v2, with v3 in the works, CVE needs to evolve every couple of years to handle the workload.

Also note that my mail requesting these CVEs was half in jest. Sure, I would love to see a CVE assigned for every known issue, but they have made it clear that most likely can't happen. Hell, even you have told Debian "no" when they gave you a concise list of security issues and asked for CVE identifiers. Rather than work through the list, you said they had to post to OSS-Sec to request them. I understand your decision to do so, but it also speaks to the problem of volume.

Earlier last year I suggested that CVE utilize more CNAs to handle this. I still advocate that, but I must amend my suggestion to include "responsible CNAs", as most operating these days are not so helpful.
Brian

From kseifried at redhat.com Wed Mar 20 15:27:02 2013
From: kseifried at redhat.com (Kurt Seifried)
Date: Wed, 20 Mar 2013 14:27:02 -0600
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
In-Reply-To:
References: <514A07F1.3020404@redhat.com>
Message-ID: <514A1B96.5090208@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 02:11 PM, Brian Martin wrote:
> The current system makes that time-consuming and 'cost' prohibitive
> to us.

Understandable.

> The list isn't "incorrect", we simply missed one (likely a few) CVE
> assignments, again because of the varied places they can pop up
> for initial disclosure. While we follow OSS-Sec almost daily,
> sometimes the delays in assigning via that list (e.g. when there is
> discussion leading up to the assignment) are substantial as well.

Yup. I have tried to narrow that by teaching people to make better requests so I don't have to reply back and forth with their requests.

> Neither do we. We already spend a *lot* of time trying to get
> timely CVE information added to our entries. So I asked CVE to deal
> with these assignments, not you, or OSS-Sec, or any other CNA.

Ah ok, I generally handle Open Source stuff so I assumed I was wanted =). I also want to go through that list and make sure everything that affects Red Hat is covered (cause that's what I get paid to do =).

> Honestly, no, and it shouldn't be our job to do that. If a CNA is
> releasing security fix information themselves, and not assigning a
> CVE promptly, AND including it in the public source we got the
> information from, then their CNA status should be revoked. They
> completely miss the

Agreed. I actually meant more along the lines of "has anyone notified them at all?" in addition to the CVE messy bits. Not all vendors actually bother to read oss-sec/full disclosure/etc. on the off chance they get mentioned.

> I understand that CVE is strained under the pressure of assignments
> lately, and the last year of board meetings has made it clear
> that they simply can't keep up. Knowing that, I think CVE should
> focus on streamlining the process to assist the community, rather
> than keep doing the same thing. Just like CVSS is on v2, with v3 in
> the works, CVE needs to evolve every couple of years to handle the
> workload.
>
> Also note that my mail requesting these CVEs was half in jest.
> Sure, I would love to see a CVE assigned for every known issue, but
> they have made

Me too. It makes everyone's life easier. And I think it's an attainable goal, but probably not with our current setup/processes.

> it clear that can't happen most likely. Hell, even you have told
> Debian "no" when they gave you a concise list of security issues
> and asked for CVE identifiers. Rather than work through the list,
> you said they had to

Cause I'm lazy and already assigning buttloads of CVEs (and again, mostly quality issues; if that list was 100% correct and guaranteed then I could do all the CVEs in 4 minutes). But most of these lists often need investigation for which I don't have time (5 minutes per request times 100-200 and boom, my week is gone).

> post to OSS-Sec to request them. I understand your decision to do
> so, but it also speaks to the problem of volume.
>
> Earlier last year I suggested that CVE utilize more CNAs to handle
> this. I still advocate that, but I must amend my suggestion to
> include "responsible CNAs", as most operating these days are not so
> helpful.

Yeah. One thing I have been thinking about is having specific people take specific projects and handle the CVE requests/make sure they are good and then I can assign them way faster. For example WordPress (not to pick on them, it's just a widely used package) for which the vendor isn't doing CVE requests/etc. and people want them to have CVEs: someone could step up and handle that. Get a few dozen people and suddenly we have much better coverage of popular software. So they wouldn't be a CNA, but maybe some sort of semi-official "CVE-Requestor", and so for WordPress I only take requests from that person, and point reporters at them. This way most of the grunt work gets farmed out and done and the CVE assignment no longer needs research since it's already been done. Steven: thoughts/comments? If it were quasi-official that would probably help.

>
> Brian
>

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993
A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRShuVAAoJEBYNRVNeJnmTalcQAKwjPfJTl3dAKpK1DklCGQgr
kZzuOt32PASMh1dEFMQxjrH11CiBzWOK0B1gqdGvsGg5LBJWhSmw8wwO8dd8BWe/
0r1F3Zdkc3Ib9S0CdmBFFmTNCqA2Oj66Rv56Td2JLMvCoFLn9zR/Suq+iYx5yQg4
635MhiPhPQ1hfDlk6ZWEm4kVxcJdfyqVZnzNzvXNr41e8N0lIKtbRK3hs9RvXeHs
5K+bq3KG8BIwkQqVtwSYPV2Yaddt5jhwHJbMc11L7pHIersqZIYqFdn/SyfYBx8x
Tc97Uv/oxMqlRpKtthAe5KshohcGCBJA1v/I3MpKZbV7SYZoANmFspoL/9E4RWtc
7bxBd2ZR/1sn7pkvO3lMAwiky+Mc/a5Knsp9dai+cxAKV4bBaCqTQZYYp15wFIbN
dX7zQc96Ts6U/htzZrFRoFj6S5o63kkQt+mSCu0v6p74BMpCCefPQsENSMXU9P1P
6RX+MaFFNjBYfQ7je62lJFJdeIY+l9NrzKY9hVx7H0Nj1m2so6K9ZEVu2muPeLgd
b/4L5cHbrCG3dmtsmAp9gfkL17kJJqDHsZuJGM+t3ptEXFe9Ak1CH7R8iwDW8P0O
OKqSOBe8tDNA95PNPeuUuQQjT0AHnR7CSX+g/nQ3cbwEAU+DokX5durXlABp3zFX
tgqgfgrb0MQRV7WXpOl9
=G7gC
-----END PGP SIGNATURE-----

From brian at opensecurityfoundation.org Wed Mar 20 15:39:01 2013
From: brian at opensecurityfoundation.org (Brian Martin)
Date: Wed, 20 Mar 2013 15:39:01 -0500 (CDT)
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
In-Reply-To: <514A1B96.5090208@redhat.com>
References: <514A07F1.3020404@redhat.com> <514A1B96.5090208@redhat.com>
Message-ID:

On Wed, 20 Mar 2013, Kurt Seifried wrote:

: > Neither do we. We already spend a *lot* of time trying to get
: > timely CVE information added to our entries.
: > So I asked CVE to deal with these assignments, not you, or OSS-Sec,
: > or any other CNA.
:
: Ah ok, I generally handle Open Source stuff so I assumed I was wanted
: =). I also want to go through that list and make sure everything that
: affects Red Hat is covered (cause that's what I get paid to do =).

As such, I'd imagine you are slowly working through that Debian list for Red Hat's benefit, if not as a CNA?

: > Honestly, no, and it shouldn't be our job to do that. If a CNA is
: > releasing security fix information themselves, and not assigning a
: > CVE promptly, AND including it in the public source we got the
: > information from, then their CNA status should be revoked. They
: > completely miss the
:
: Agreed. I actually meant more along the lines of "has anyone notified
: them at all?" in addition to the CVE messy bits. Not all vendors
: actually bother to read oss-sec/full disclosure/etc. on the off chance
: they get mentioned.

Quite a few of our entries that do not have CVE (historical, not just Jan 2013) are actually from vendor sources. Changelogs, bug trackers, etc. So yes, many of them are aware of the issue, just that they don't know the value of getting a CVE or simply don't care.

: > it clear that can't happen most likely. Hell, even you have told
: > Debian "no" when they gave you a concise list of security issues
: > and asked for CVE identifiers. Rather than work through the list,
: > you said they had to
:
: Cause I'm lazy and already assigning buttloads of CVEs (and again,
: mostly quality issues; if that list was 100% correct and guaranteed then
: I could do all the CVEs in 4 minutes). But most of these lists often
: need investigation for which I don't have time (5 minutes per request
: times 100-200 and boom, my week is gone).

Right now, it is taking me a good 15+ minutes per entry to create an ID on our side. The time is spent reading the bug report (when possible), looking for upstream vendor URL, changelog, etc. One of our biggest 'problems' when a Linux distro reports/fixes a bug is that the solution is specific to that distro. We have to then check upstream to see if the vendor fixed it or not, and mangle accordingly. I don't think that the Linux distro is responsible for doing that, don't get me wrong. Just how we operate, as we create entries based on the 'root cause' as much as possible.

: > Earlier last year I suggested that CVE utilize more CNAs to handle
: > this. I still advocate that, but I must amend my suggestion to
: > include "responsible CNAs", as most operating these days are not so
: > helpful.
:
: Yeah. One thing I have been thinking about is having specific people
: take specific projects and handle the CVE requests/make sure they are
: good and then I can assign them way faster. For example WordPress (not
: to pick on them, it's just a widely used package) for which the vendor
: isn't doing CVE requests/etc. and people want them to have CVEs

WordPress and Drupal, by way of their 92384 extensions, and soon to be Ruby by way of their 92384 gems, should each have 1 person doing CVE assignments. That would make all of our lives a lot easier.

: suddenly we have much better coverage of popular software. So they
: wouldn't be a CNA, but maybe some sort of semi-official "CVE-Requestor"
: and so for WordPress I only take requests from that person, and point
: reporters at them. This way most of the grunt work gets farmed out and
: done and the CVE assignment no longer needs research since it's already
: been done. Steven: thoughts/comments? If it were quasi-official that
: would probably help.

I've thought about OSVDB becoming a CNA specifically to assign for historical issues. That is one area Steve has indicated is too low priority for them to deal with. For example, if a 2000 vulnerability still does not have an open CVE assigned by 2012, I think it would be safe for us to assign one.
The odds of duplicates are pretty low, and CVE could spot check any of them before officially assigning if they wanted. But, that is a lot of work for little value, as most people don't care about historical like we do.

Brian

From kseifried at redhat.com Wed Mar 20 15:49:14 2013
From: kseifried at redhat.com (Kurt Seifried)
Date: Wed, 20 Mar 2013 14:49:14 -0600
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
In-Reply-To:
References: <514A07F1.3020404@redhat.com> <514A1B96.5090208@redhat.com>
Message-ID: <514A20CA.4090302@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 02:39 PM, Brian Martin wrote:
>
> On Wed, 20 Mar 2013, Kurt Seifried wrote:
>
> : > Neither do we. We already spend a *lot* of time trying to get
> : > timely CVE information added to our entries. So I asked CVE to deal
> : > with these assignments, not you, or OSS-Sec, or any other CNA.
> :
> : Ah ok, I generally handle Open Source stuff so I assumed I was wanted
> : =). I also want to go through that list and make sure everything that
> : affects Red Hat is covered (cause that's what I get paid to do =).
>
> As such, I'd imagine you are slowly working through that Debian
> list for Red Hat's benefit, if not as a CNA?

At some point I might, but like I said I already work more than 40 hours a week (plus other time commitments like sleep and family) so giving more time to CVE is hard; I try to maximize the work I put in. oss-sec is relatively good because these are people that care enough to make requests and I can poke them back to fix their requests by hitting the reply button. Going through a Debian/OSVDB list takes a huge amount of time in comparison: if I find an issue I then need to figure out how to contact the reporter, who by definition doesn't care about CVE or they would have already asked for it, so that turns into a huge time sink. As you no doubt know =).

> Quite a few of our entries that do not have CVE (historical, not
> just Jan 2013) are actually from vendor sources. Changelogs, bug
> trackers, etc. So yes, many of them are aware of the issue, just
> that they don't know the value of getting a CVE or simply don't
> care.

Yeah, and those take forever to assign because the things I need to assign a CVE are usually missing (by definition anyone doing really good security reporting for their project/etc. will also be getting CVEs usually).

> Right now, it is taking me a good 15+ minutes per entry to create
> an ID on our side. The time is spent reading the bug report (when
> possible), looking for upstream vendor URL, changelog, etc. One of
> our biggest 'problems' when a Linux distro reports/fixes a bug is
> that the solution is specific to that distro. We have to then check
> upstream to see if the vendor fixed it or not, and mangle
> accordingly. I don't think that the Linux distro is responsible for
> doing that, don't get me wrong. Just how we operate, as we create
> entries based on the 'root cause' as much as possible.

Yup. I did that for 9.5 years at iSIGHT/iDefense, one of the reasons I left (I was going insane).

> WordPress and Drupal, by way of their 92384 extensions, and soon to
> be Ruby by way of their 92384 gems, should each have 1 person doing
> CVE assignments. That would make all of our lives a lot easier.

Yah. I'm engaging with the Ruby community, they seem receptive at the higher levels (e.g. the people who run rubygems.org); engaging with the end devs is pointless, there are simply too many (50k gems times 1+ dev/owner per gem, not all speak English, or care, or are alive, etc.). We need solutions that scale; what they are, I'm not sure.

> Brian

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993
A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRSiDKAAoJEBYNRVNeJnmTlxUP/2e9KewQq+STybDyt9nkS8kf
8vkhEgqJcTjEYyI4qbUF1RaU+Eg8vS32nxBd+RGrL1DGag3H9pJMlKuBndqyaNwM
znrsfKSrnVN6iA89hDKgtU6OrdIJjRKOqZlp5XY2cjRYLqVj5RjQoUSYmwxav+TE
pXH4lZpb5e9eqSrsGTEinplR5IAHNG/Jt5Iz/c9eaIjfd78hljjAhoAx8w+pVUxG
LlbnKHXaS9DrPa8uFsSnn7zRLTCCRgJ19GBqPqACncX5tZQs6h1JgdH4xcmLETnw
S+P+EHtoMVnYxboGLRFAcZr7eUt2n2XKfWF+g8hn1m3q3NL7xpqcWraE3jw4TP7j
ErgI0OjLnnSuzJT5DUpJ3cQgxwfdYNgBRvoCXE9NJ2QpPuci4l4y/tI2l11mz6e1
EcnyU3NlHiE08fY12S4V+g68CbU+k9/cIRr0SHHJSF2WXMmvMlTE/8A4qhtyKSNI
oaSgLeRxg7gN4qEQacloYN9T3n2uCE2W1KyhCoFV9G4tF3FGtGxkHc3HEqe0x1oW
P/Cfpp0TGSYkZyF2EbpYR3ubKW7fGM0OyLYXTQTW44z3ZDwzbaj/BpnJwS2PX2v+
eUw1WbvV7dmw5M7WNAwqpG/V1UmTwjP11Sr7x731snFaczhNL66ZZ8uFHjV0giAK
zhkCPz6ZSREEnMJ5tMJq
=srvh
-----END PGP SIGNATURE-----

From coley at mitre.org Wed Mar 20 16:25:32 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Wed, 20 Mar 2013 21:25:32 +0000
Subject: [VIM] 267 Missing CVE in Jan, 2013 - please assign
In-Reply-To:
References: <514A07F1.3020404@redhat.com> <514A1B96.5090208@redhat.com>
Message-ID:

Brian,

We are not able to handle your request for CVEs for all of the issues that OSVDB has published. Unfortunately, CVE can no longer guarantee full coverage of all public vulnerabilities. As some people on this list know, we are not well-prepared to handle the full volume of CVEs for all publicly-disclosed vulnerabilities, so we worked with the CVE Editorial Board to define the highest-priority items - information sources to monitor, and vendors/products to cover - and we are modifying our processes to ensure that we have full coverage of those items. That work is still in progress.
We will guarantee CVE coverage for these issues, and other issues as resources allow, but at this time we will not be able to provide full coverage for any sources or products that have not been advocated by the CVE Editorial Board. Consumers who want full coverage for all vulnerability reports, regardless of quality or importance, can look to other sources of vulnerability data. CVE is for coordination of vulnerability information for products and sources that are the most important to the most people. The presence of Kurt and the Red Hat CNA on oss-security definitely helps a lot, but as we just saw on oss-security in the past couple of days, duplicates can arise simply out of the complexities of having multiple CNAs, and this problem would become worse with more than 2 CNAs without well-defined roles to minimize overlap. This year, we are concentrating on (1) the CVE ID syntax change, (2) updating our analytical infrastructure and processes, and (3) training our new analysts. We do not know what our productivity will look like later this year, once all of these things are in place, but it will be an improvement. Because of our focus in those areas, we have consciously tabled questions such as (1) how to prioritize the public CVE assignments for non-essential products, (2) how to effectively populate CVEs that have been used in the public, (3) how (and whether) to support external contributions for CVE descriptions, and (4) what reductions in description quality, if any, would be suitable to allow CVE to produce more content at the expense of its usability. None of these decisions are to be handled casually or without sufficient discussion and debate in the proper forums, of which the VIM list is one of many. Unlike vulnerability databases, CVE has a responsibility to many different consumers and needs to balance their different needs and perspectives. 
We have also learned over the course of a decade that having a small group of critical individuals work for 50+ hour weeks is unsustainable and fragile; at this stage, CVE is now at a point where the departure of any single person - including myself - would not be fatal to the project. Getting CVE to that point has been a long process.

We have also learned from projects such as OSVDB that distributing content production to the general public makes it very difficult to control quality and keep people motivated, and appropriate funding models are hard to come by. As I said at RSA, "information is free, but nobody wants to pay for it." For CVE, we are very lucky to have had a long-running sponsor in the Dept. of Homeland Security, but of course all funding has limits.

And, ironically, there are downstream consequences to increased productivity - we have already been privately told that our increase in productivity last year was stretching the analytical limits of one of our downstream CVE consumers, and they were not happy to hear of our upcoming productivity increase when our new analysts are ready to create new CVE entries. Of course that should not be a driver for keeping productivity low, but this is one example of how CVE has a different set of considerations that others do not.
- Steve

From coley at mitre.org Wed Mar 20 17:04:46 2013
From: coley at mitre.org (coley at mitre.org)
Date: Wed, 20 Mar 2013 18:04:46 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/20 18:00 ; count=4
Message-ID: <201303202204.r2KM4kSk001084@cairo.mitre.org>

======================================================
Name: CVE-2013-1875
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1875
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: FULLDISC:20130318 Remote command execution in Ruby Gem Command Wrap
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/175
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120847/Ruby-Gem-Command-Wrap-Command-Execution.html
Reference: OSVDB:91450
Reference: URL:http://www.osvdb.org/91450

command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.
======================================================
Name: CVE-2013-2615
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2615
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130318
Category:
Reference: FULLDISC:20130312 Ruby gem fastreader-1.0.8 remote code exec
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/122
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html
Reference: MISC:http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html
Reference: OSVDB:91232
Reference: URL:http://www.osvdb.org/91232

lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

======================================================
Name: CVE-2013-2616
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2616
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130318
Category:
Reference: FULLDISC:20130312 MiniMagic ruby gem remote code execution
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/123
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html
Reference: OSVDB:91231
Reference: URL:http://www.osvdb.org/91231

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
======================================================
Name: CVE-2013-2617
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2617
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130318
Category:
Reference: FULLDISC:20130312 Curl Ruby Gem Remote command execution
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/124
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html
Reference: OSVDB:91230
Reference: URL:http://www.osvdb.org/91230

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

From jericho at attrition.org Wed Mar 20 17:45:34 2013
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 20 Mar 2013 17:45:34 -0500 (CDT)
Subject: [VIM] "context-dependent" and "user-assisted" terminology in CVE
In-Reply-To:
References:
Message-ID:

On Wed, 20 Mar 2013, Christey, Steven M. wrote:

: Prompted by a Twitter conversation with Jericho a little while ago, here
: is how CVE uses certain terms in our descriptions. We try to be
: consistent in this usage, although there can be exceptions.
:
: It would be nice to get some alignment with OSVDB, especially because
: OSVDB seems to use "context-dependent" in a different way than CVE.

We use C/D generically as a blanket term for both, but actually have a technical mechanism to distinguish them. Unfortunately, we're not very good at using it. Our classification supports C/D and Remote/Local.

: Physically Proximate
: -------------------------
:
: Person must have physical access to the device or environment in
: order to exploit the vulnerability.
: Examples: touching a workstation
: keyboard or USB device; "shoulder surfing" to see a workstation's

We've been doing this for a long time with our Physical classification, and typically use "physically proximate" in our description where appropriate.

From coley at mitre.org Thu Mar 21 09:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 21 Mar 2013 10:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/21 10:00 ; count=8
Message-ID: <201303211404.r2LE4PDG015963@cairo.mitre.org>

======================================================
Name: CVE-2011-4515
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4515
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20111122
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.

======================================================
Name: CVE-2013-0665
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0665
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-01.pdf

Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations.
======================================================
Name: CVE-2013-0667
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0667
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

======================================================
Name: CVE-2013-0668
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0668
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

======================================================
Name: CVE-2013-0669
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0669
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
======================================================
Name: CVE-2013-0670
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0670
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

======================================================
Name: CVE-2013-0671
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0671
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.

======================================================
Name: CVE-2013-0672
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0672
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
From coley at mitre.org Thu Mar 21 10:04:26 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 21 Mar 2013 11:04:26 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/21 11:00 ; count=6
Message-ID: <201303211504.r2LF4Qq7016376@cairo.mitre.org>

======================================================
Name: CVE-2013-0674
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0674
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

======================================================
Name: CVE-2013-0675
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0675
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.
======================================================
Name: CVE-2013-0676
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0676
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

======================================================
Name: CVE-2013-0677
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0677
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
======================================================
Name: CVE-2013-0678
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0678
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

======================================================
Name: CVE-2013-0679
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0679
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121219
Category:
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
From coley at mitre.org Thu Mar 21 11:04:26 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 21 Mar 2013 12:04:26 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/21 12:00 ; count=1
Message-ID: <201303211604.r2LG4Qa5016789@cairo.mitre.org>

======================================================
Name: CVE-2013-0287
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0287
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[sssd-devel] 20130319 [SSSD] A security bug in SSSD 1.9 (CVE-2013-0287)
Reference: URL:https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93
Reference: CONFIRM:http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1
Reference: REDHAT:RHSA-2013:0663
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0663.html
Reference: BID:58593
Reference: URL:http://www.securityfocus.com/bid/58593
Reference: SECTRACK:1028317
Reference: URL:http://securitytracker.com/id?1028317
Reference: SECUNIA:52704
Reference: URL:http://secunia.com/advisories/52704
Reference: SECUNIA:52722
Reference: URL:http://secunia.com/advisories/52722

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

From coley at mitre.org Thu Mar 21 12:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 21 Mar 2013 13:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/21 13:00 ; count=4
Message-ID: <201303211704.r2LH4PKB017202@cairo.mitre.org>

======================================================
Name: CVE-2013-1051
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130111
Category:
Reference: UBUNTU:USN-1762-1
Reference: URL:http://www.ubuntu.com/usn/USN-1762-1
Reference: OSVDB:91428
Reference: URL:http://osvdb.org/91428
Reference: SECUNIA:52633
Reference: URL:http://secunia.com/advisories/52633

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
======================================================
Name: CVE-2013-1052
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130111
Category:
Reference: UBUNTU:USN-1766-1
Reference: URL:http://www.ubuntu.com/usn/USN-1766-1
Reference: BID:58550
Reference: URL:http://www.securityfocus.com/bid/58550
Reference: XF:ubuntu-cve20131052-priv-esc(82918)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82918

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo.

======================================================
Name: CVE-2013-1427
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1427
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130126
Category:
Reference: DEBIAN:DSA-2649
Reference: URL:http://www.debian.org/security/2013/dsa-2649
Reference: BID:58528
Reference: URL:http://www.securityfocus.com/bid/58528
Reference: OSVDB:91462
Reference: URL:http://osvdb.org/91462
Reference: XF:lighttpd-cve20131427-symlink(82897)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82897

The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
======================================================
Name: CVE-2013-2279
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2279
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130226
Category:
Reference: BUGTRAQ:20130319 CA20130319-01: Security Notice for SiteMinder products using SAML
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
Reference: CONFIRM:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5}
Reference: BID:58609
Reference: URL:http://www.securityfocus.com/bid/58609
Reference: SECUNIA:52610
Reference: URL:http://secunia.com/advisories/52610

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

From coley at mitre.org Thu Mar 21 15:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 21 Mar 2013 16:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/21 16:00 ; count=3
Message-ID: <201303212004.r2LK4Pc9018941@cairo.mitre.org>

======================================================
Name: CVE-2012-5757
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5757
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121102
Category:
Reference: CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21619993
Reference: AIXAPAR:PM77153
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153
Reference: XF:rcq-reflected-xss(80061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/80061

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
======================================================
Name: CVE-2013-0126
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: EXPLOIT-DB:24860
Reference: URL:http://www.exploit-db.com/exploits/24860/
Reference: MISC:http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
Reference: CERT-VN:VU#278204
Reference: URL:http://www.kb.cert.org/vuls/id/278204

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

======================================================
Name: CVE-2013-0453
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0453
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121216
Category:
Reference: CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21631351
Reference: AIXAPAR:IV37766
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV37766
Reference: XF:tem-web-reports-xss(80969)
Reference: URL:http://xforce.iss.net/xforce/xfdb/80969

Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
From coley at mitre.org Thu Mar 21 16:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Thu, 21 Mar 2013 17:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/21 17:00 ; count=5
Message-ID: <201303212104.r2LL4Ptf019355@cairo.mitre.org>

======================================================
Name: CVE-2013-0123
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0123
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: CERT-VN:VU#406596
Reference: URL:http://www.kb.cert.org/vuls/id/406596

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp.

======================================================
Name: CVE-2013-0124
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0124
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: CERT-VN:VU#406596
Reference: URL:http://www.kb.cert.org/vuls/id/406596

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll.
======================================================
Name: CVE-2013-1844
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1844
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/12/4
Reference: CONFIRM:http://piwik.org/blog/2013/03/piwik-1-11/

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

======================================================
Name: CVE-2013-2632
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2632
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130321
Category:
Reference: CONFIRM:http://code.google.com/p/v8/source/browse/trunk/ChangeLog
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2013/03/dev-channel-update_18.html
Reference: CONFIRM:https://code.google.com/p/chromium/issues/detail?id=194749

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.

======================================================
Name: CVE-2013-2633
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2633
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130321
Category:
Reference: CONFIRM:http://piwik.org/blog/2013/03/piwik-1-11/

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
From coley at mitre.org Fri Mar 22 05:05:28 2013
From: coley at mitre.org (coley at mitre.org)
Date: Fri, 22 Mar 2013 06:05:28 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/22 06:00 ; count=14
Message-ID: <201303221005.r2MA5RjC002539@cairo.mitre.org>

======================================================
Name: CVE-2013-0914
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: MLIST:[oss-security] 20130311 CVE-2013-0914 Linux kernel sa_restorer information leak
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/11/8
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ca39528c01a933f6689cd6505ce65bd6d68a530
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=920499
Reference: CONFIRM:https://github.com/torvalds/linux/commit/2ca39528c01a933f6689cd6505ce65bd6d68a530

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
======================================================
Name: CVE-2013-1792
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/07/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=916646
Reference: CONFIRM:https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087

Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.
======================================================
Name: CVE-2013-1796
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/9
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=917012
Reference: CONFIRM:https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
======================================================
Name: CVE-2013-1797
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/9
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b79459b482e85cb7426aa7da683a9f2c97aeae1
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=917013
Reference: CONFIRM:https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
======================================================
Name: CVE-2013-1798
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/9
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=917017
Reference: CONFIRM:https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
======================================================
Name: CVE-2013-1826
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1826
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/07/2
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=864745d291b5ba80ea0bd0edcbe67273de368836
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=919384
Reference: CONFIRM:https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.
======================================================
Name: CVE-2013-1827
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/07/2
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=919164
Reference: CONFIRM:https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.
======================================================
Name: CVE-2013-1828
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1828
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130307 Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/08/2
Reference: MISC:http://grsecurity.net/~spender/sctp.c
Reference: MISC:http://twitter.com/grsecurity/statuses/309805924749541376
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=919315
Reference: CONFIRM:https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
======================================================
Name: CVE-2013-1848
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/8
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=920783
Reference: CONFIRM:https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
======================================================
Name: CVE-2013-1860
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130314 Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/15/3
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=921970
Reference: CONFIRM:https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.

======================================================
Name: CVE-2013-1873
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1873
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2634, CVE-2013-2635, CVE-2013-2636. Reason: This candidate is a duplicate of CVE-2013-2634, CVE-2013-2635, and CVE-2013-2636. Notes: All CVE users should reference one or more of CVE-2013-2634, CVE-2013-2635, and CVE-2013-2636 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
======================================================
Name: CVE-2013-2634
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130321
Category:
Reference: MLIST:[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=29cd8ae0e1a39e239a3a7b67da1986add1199fc0
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=923652
Reference: CONFIRM:https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

======================================================
Name: CVE-2013-2635
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130321
Category:
Reference: MLIST:[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=84d73cd3fb142bf1298a8c13fd4ca50fd2432372
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=923652
Reference: CONFIRM:https://github.com/torvalds/linux/commit/84d73cd3fb142bf1298a8c13fd4ca50fd2432372

The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

======================================================
Name: CVE-2013-2636
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2636
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130321
Category:
Reference: MLIST:[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c085c49920b2f900ba716b4ca1c1a55ece9872cc
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=923652
Reference: CONFIRM:https://github.com/torvalds/linux/commit/c085c49920b2f900ba716b4ca1c1a55ece9872cc

net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
From coley at mitre.org Fri Mar 22 10:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Fri, 22 Mar 2013 11:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/22 11:00 ; count=1
Message-ID: <201303221504.r2MF4PUU011880@cairo.mitre.org>

======================================================
Name: CVE-2013-0731
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0731
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130102
Category:
Reference: MISC:http://plugins.trac.wordpress.org/changeset?new=682420
Reference: CONFIRM:http://wordpress.org/extend/plugins/wp-mailup/changelog/
Reference: BID:58467
Reference: URL:http://www.securityfocus.com/bid/58467
Reference: OSVDB:91274
Reference: URL:http://osvdb.org/91274
Reference: SECUNIA:51917
Reference: URL:http://secunia.com/advisories/51917
Reference: XF:mailup-ajaxfunctions-security-bypass(82847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82847

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
From coley at mitre.org Fri Mar 22 12:04:24 2013
From: coley at mitre.org (coley at mitre.org)
Date: Fri, 22 Mar 2013 13:04:24 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/22 13:00 ; count=1
Message-ID: <201303221704.r2MH4OaA012690@cairo.mitre.org>

======================================================
Name: CVE-2013-2640
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2640
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130322
Category:
Reference: MISC:http://plugins.trac.wordpress.org/changeset?new=682420
Reference: CONFIRM:http://wordpress.org/extend/plugins/wp-mailup/changelog/
Reference: OSVDB:91274
Reference: URL:http://osvdb.org/91274
Reference: SECUNIA:51917
Reference: URL:http://secunia.com/advisories/51917

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
From coley at mitre.org Fri Mar 22 16:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Fri, 22 Mar 2013 17:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/22 17:00 ; count=5
Message-ID: <201303222104.r2ML4Pad014933@cairo.mitre.org>

======================================================
Name: CVE-2013-0335
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0335
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20121206
Category:
Reference: MLIST:[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/26/7
Reference: CONFIRM:https://bugs.launchpad.net/nova/+bug/1125378
Reference: CONFIRM:https://review.openstack.org/#/c/22086/
Reference: CONFIRM:https://review.openstack.org/#/c/22758
Reference: CONFIRM:https://review.openstack.org/#/c/22872/
Reference: UBUNTU:USN-1771-1
Reference: URL:http://www.ubuntu.com/usn/USN-1771-1
Reference: OSVDB:90657
Reference: URL:http://www.osvdb.org/90657
Reference: SECUNIA:52337
Reference: URL:http://secunia.com/advisories/52337
Reference: SECUNIA:52728
Reference: URL:http://secunia.com/advisories/52728

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
======================================================
Name: CVE-2013-1838
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1838
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
Reference: URL:https://lists.launchpad.net/openstack/msg21892.html
Reference: MLIST:[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/14/18
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919648
Reference: CONFIRM:https://bugs.launchpad.net/nova/+bug/1125468
Reference: CONFIRM:https://review.openstack.org/#/c/24451/
Reference: CONFIRM:https://review.openstack.org/#/c/24452/
Reference: CONFIRM:https://review.openstack.org/#/c/24453/
Reference: UBUNTU:USN-1771-1
Reference: URL:http://ubuntu.com/usn/usn-1771-1
Reference: BID:58492
Reference: URL:http://www.securityfocus.com/bid/58492
Reference: OSVDB:91303
Reference: URL:http://osvdb.org/91303
Reference: SECUNIA:52580
Reference: URL:http://secunia.com/advisories/52580
Reference: SECUNIA:52728
Reference: URL:http://secunia.com/advisories/52728
Reference: XF:nova-fixedips-dos(82877)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82877

OpenStack Nova Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
======================================================
Name: CVE-2013-1840
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1840
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/14/15
Reference: CONFIRM:https://bugs.launchpad.net/glance/+bug/1135541
Reference: CONFIRM:https://review.openstack.org/#/c/24437/
Reference: CONFIRM:https://review.openstack.org/#/c/24438/
Reference: CONFIRM:https://review.openstack.org/#/c/24439/
Reference: UBUNTU:USN-1764-1
Reference: URL:http://www.ubuntu.com/usn/USN-1764-1
Reference: BID:58490
Reference: URL:http://www.securityfocus.com/bid/58490
Reference: OSVDB:91304
Reference: URL:http://osvdb.org/91304
Reference: SECUNIA:52565
Reference: URL:http://secunia.com/advisories/52565
Reference: XF:openstack-glance-api-info-disclosure(82878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82878

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
======================================================
Name: CVE-2013-1865
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1865
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130320 [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/13
Reference: CONFIRM:https://bugs.launchpad.net/keystone/+bug/1129713
Reference: CONFIRM:https://review.openstack.org/#/c/24906/
Reference: UBUNTU:USN-1772-1
Reference: URL:http://www.ubuntu.com/usn/USN-1772-1
Reference: BID:58616
Reference: URL:http://www.securityfocus.com/bid/58616
Reference: OSVDB:91532
Reference: URL:http://osvdb.org/91532
Reference: SECUNIA:52657
Reference: URL:http://secunia.com/advisories/52657

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
======================================================
Name: CVE-2013-2501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2501
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130307
Category:
Reference: BUGTRAQ:20130308 Stored XSS in Terillion Reviews Wordpress Plugin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html
Reference: MISC:http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html
Reference: CONFIRM:http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews
Reference: CONFIRM:http://wordpress.org/extend/plugins/terillion-reviews/changelog/
Reference: BID:58415
Reference: URL:http://www.securityfocus.com/bid/58415
Reference: OSVDB:91123
Reference: URL:http://osvdb.org/91123
Reference: XF:wp-terillionreviews-profileid-xss(82727)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82727

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

From Narayan_Agarwalla at symantec.com Mon Mar 25 11:21:38 2013
From: Narayan_Agarwalla at symantec.com (Narayan Agarwalla)
Date: Mon, 25 Mar 2013 09:21:38 -0700
Subject: [VIM] Could not find some ZDI-CAN-XXXX is pointing to which ZDI advisory
Message-ID: <96CC6D276D1CC043905F0666B28DA2CB2AA8F26C9B@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi ZDI team,

I came across an HP advisory link.
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%253Demr_na-c03689276-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.begCacheTok=com.vignett&ac.admitted=1364225918482.876444892.199480143

In this advisory, HP are pointing

CVE-2012-5206 to ZDI-CAN-1660
CVE-2012-5207 to ZDI-CAN-1661
CVE-2012-5208 to ZDI-CAN-1615
CVE-2012-5209 to ZDI-CAN-1659
CVE-2012-5210 to ZDI-CAN-1646
CVE-2012-5211 to ZDI-CAN-1643
CVE-2012-5212 to ZDI-CAN-1663
CVE-2012-5213 to ZDI-CAN-1662

Can you please let me know which advisory ZDI-CAN-1660, ZDI-CAN-1661, ZDI-CAN-1615, ZDI-CAN-1659, ZDI-CAN-1646, ZDI-CAN-1643, ZDI-CAN-1663 and ZDI-CAN-1662 point to?

Thanks!

Narayan Agarwalla
Supervisor, DeepSight Security Technology and Response
Mobile: +91-8939922488

From coley at mitre.org Mon Mar 25 16:04:27 2013
From: coley at mitre.org (coley at mitre.org)
Date: Mon, 25 Mar 2013 17:04:27 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/25 17:00 ; count=8
Message-ID: <201303252104.r2PL4RGp001922@cairo.mitre.org>

======================================================
Name: CVE-2013-1829
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1829
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225339

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.

======================================================
Name: CVE-2013-1830
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1830
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225341

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
======================================================
Name: CVE-2013-1831
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1831
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225342

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

======================================================
Name: CVE-2013-1832
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1832
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225343

repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
======================================================
Name: CVE-2013-1833
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1833
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225344

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

======================================================
Name: CVE-2013-1834
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1834
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37411
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225346

notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field.
======================================================
Name: CVE-2013-1835
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1835
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225347

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

======================================================
Name: CVE-2013-1836
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1836
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: MLIST:[oss-security] 20130325 Moodle security notifications public
Reference: URL:http://openwall.com/lists/oss-security/2013/03/25/2
Reference: CONFIRM:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852
Reference: CONFIRM:https://moodle.org/mod/forum/discuss.php?d=225348

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
From coley at mitre.org Mon Mar 25 20:04:24 2013
From: coley at mitre.org (coley at mitre.org)
Date: Mon, 25 Mar 2013 21:04:24 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/25 21:00 ; count=2
Message-ID: <201303260104.r2Q14O95010908@cairo.mitre.org>

======================================================
Name: CVE-2013-1161
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1161
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130111
Category:
Reference: CISCO:20130319 Cisco Jabber IM for Android Denial of Service Vulnerability
Reference: URL:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1161

The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383.

======================================================
Name: CVE-2013-1162
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1162
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130111
Category:
Reference: CISCO:20130315 Cisco IOS XR Traffic Engineering Denial of Service Vulnerability
Reference: URL:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1162

The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.
From coley at mitre.org Tue Mar 26 09:04:25 2013
From: coley at mitre.org (coley at mitre.org)
Date: Tue, 26 Mar 2013 10:04:25 -0400 (EDT)
Subject: [VIM] [CVENEW] New CVE CANs: 2013/03/26 10:00 ; count=2
Message-ID: <201303261404.r2QE4PEn023855@cairo.mitre.org>

======================================================
Name: CVE-2013-1608
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1608
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130204
Category:
Reference: CONFIRM:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00
Reference: BID:58542
Reference: URL:http://www.securityfocus.com/bid/58542

Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.

======================================================
Name: CVE-2013-1609
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1609
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130204
Category:
Reference: CONFIRM:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00
Reference: BID:58617
Reference: URL:http://www.securityfocus.com/bid/58617

Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.

From coley at mitre.org Tue Mar 26 12:57:57 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Tue, 26 Mar 2013 17:57:57 +0000
Subject: [VIM] CVE posts to VIM disabled
Message-ID:

All, with NVD and its RSS feeds back online, we are no longer going to post CVENEW messages to VIM.
- Steve

From coley at mitre.org Tue Mar 26 13:05:43 2013
From: coley at mitre.org (Christey, Steven M.)
Date: Tue, 26 Mar 2013 18:05:43 +0000
Subject: [VIM] product name spelling error (CVE-2013-2616 - MiniMagick)
Message-ID:

The original disclosure by Larry Cashdollar at http://seclists.org/fulldisclosure/2013/Mar/123 spells the product name as "MiniMagic," and this is reflected in OSVDB:91231, BID:58448, and possibly other sources. However, the correct spelling is "MiniMagick" as seen in the vendor URL (https://github.com/minimagick/minimagick).

- Steve