
List:       oss-security
Subject:    Re: [oss-security] Piwik <= 0.4.5 Cookie Unserialize()
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-12-10 16:24:30
Message-ID: 106755777.1035741260462270839.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2009-4137 for this.

Sadly I can't find other references. Even the Piwik changelog is a bit silent
on this.

Thanks.

-- 
    JB


----- "Eren Türkay" <eren@pardus.org.tr> wrote:

> Hello,
> 
> Piwik is an open source web analytics software program used by various
> sites.
> 
> Stefan Esser found a vulnerability in Piwik, which can allow arbitrary
> files to be written into writable locations on the webserver. He says, it is
> also possible to execute arbitrary PHP code directly in newer versions of
> Piwik.
> 
> The original advisory is here:
> http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/
> 
> I think, it is worth assigning a CVE.
> 
> Regards,
> Eren

-- 
    JB
