[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: zenoss issues
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-08-27 17:35:15
Message-ID: 503BAFD3.5030709 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/24/2012 04:04 AM, Thomas Pollet wrote:
> Hi,
>
> I have found that zenoss displays snmp output like syslocation
> unfiltered in the web interface.
> http://jira.zenoss.com/jira/browse/ZEN-3192 I suspect there are
> many more bugs in this package.
>
> Regards, Thomas
>
> On 24 August 2012 09:33, Thomas Pollet <thomas.pollet@gmail.com>
> wrote:
>
>> Hello,
>>
>> I have found xss and command execution problems with zenoss. I
>> created a bugreport which can be found at
>> http://jira.zenoss.com/jira/browse/ZEN-3183 . However the zenoss
>> developers don't seem to be able to reproduce the issues.
>>
>> Another issue, reported by Emanuel Bronshtein can be found at
>> http://jira.zenoss.com/jira/browse/ZEN-3153
>>
>> Regards, Thomas Pollet
Just a reminder that no public links have been posted, if you could
please do so I will assign a CVE #.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBAgAGBQJQO6/SAAoJEBYNRVNeJnmTKIQQALkZNy/lAiXL6Pit0kTJkdwq
0emVwdBJ37QhxFTZc61yt6dSxgQRIjhbn9SLiGMkVR58UqVU/e5FbXxZZgGUYT/5
JQEvzZ8UuS0GiPD5zqtmT2rXbA9BEDnmxPaIeHY9gisMAaRvR8cMNc9htS6X+Hqu
BN9rFgHcNN8VwZ1yuB6VHxZLLncTUgmYW69tbKu7OU/1WSmyE6MmW/OVKiopv373
/w61EAL2NYhw0IFa8eLUnoJEQPNg75VkJ5SKsb9SEaZPCDdSQ8SUEGMDVQX1Pqu3
ieYJZ6uNrveZk2hkAb8oXt+/V4rokjUpfuP+xWxm1GYuSE0jBwzv0VmK2URuj2GI
TWUq4+ROLEA+u+Sp7LaD64VPG+LLZuJ2sPSGx5/Ug23I1qYYkYSJ0IjAsQf9rISz
FCilwag7yFz+FUcSmZsj4j8cZtN7yB0cASgC8o/SuYbHnM0+D0zXxsB8r1f70XeM
ZBK6OJpsxxjAiutpSeneVbcIv4zZwcb+O89zvl/KltLwYsYi+fa/dxHzO3o3y+od
ZQTz69mCzDPucqjA5jaLhYtnbOHb/RnF2RpeOULyIVgKBPVVhEZz6ocbq6PHyjis
Rb9paATIJxDm0dHsAee0xnpYtpzn46/p6iWa35obUe6wdWfhdayCgqooVvW6iFax
G6yB9TZnlivN0wW4B46n
=k4hV
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic