'Re: [oss-security] Re: zenoss issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: zenoss issues
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-08-27 17:35:15
Message-ID: 503BAFD3.5030709 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/24/2012 04:04 AM, Thomas Pollet wrote:
> Hi,
> 
> I have found that zenoss displays snmp output like syslocation
> unfiltered in the web interface. 
> http://jira.zenoss.com/jira/browse/ZEN-3192 I suspect there are
> many more bugs in this package.
> 
> Regards, Thomas
> 
> On 24 August 2012 09:33, Thomas Pollet <thomas.pollet@gmail.com>
> wrote:
> 
>> Hello,
>> 
>> I have found xss and command execution problems with zenoss. I
>> created a bugreport which can be found at 
>> http://jira.zenoss.com/jira/browse/ZEN-3183 . However the zenoss 
>> developers don't seem to be able to reproduce the issues.
>> 
>> Another issue, reported by Emanuel Bronshtein can be found at 
>> http://jira.zenoss.com/jira/browse/ZEN-3153
>> 
>> Regards, Thomas Pollet

Just a reminder that no public links have been posted, if you could
please do so I will assign a CVE #.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQO6/SAAoJEBYNRVNeJnmTKIQQALkZNy/lAiXL6Pit0kTJkdwq
0emVwdBJ37QhxFTZc61yt6dSxgQRIjhbn9SLiGMkVR58UqVU/e5FbXxZZgGUYT/5
JQEvzZ8UuS0GiPD5zqtmT2rXbA9BEDnmxPaIeHY9gisMAaRvR8cMNc9htS6X+Hqu
BN9rFgHcNN8VwZ1yuB6VHxZLLncTUgmYW69tbKu7OU/1WSmyE6MmW/OVKiopv373
/w61EAL2NYhw0IFa8eLUnoJEQPNg75VkJ5SKsb9SEaZPCDdSQ8SUEGMDVQX1Pqu3
ieYJZ6uNrveZk2hkAb8oXt+/V4rokjUpfuP+xWxm1GYuSE0jBwzv0VmK2URuj2GI
TWUq4+ROLEA+u+Sp7LaD64VPG+LLZuJ2sPSGx5/Ug23I1qYYkYSJ0IjAsQf9rISz
FCilwag7yFz+FUcSmZsj4j8cZtN7yB0cASgC8o/SuYbHnM0+D0zXxsB8r1f70XeM
ZBK6OJpsxxjAiutpSeneVbcIv4zZwcb+O89zvl/KltLwYsYi+fa/dxHzO3o3y+od
ZQTz69mCzDPucqjA5jaLhYtnbOHb/RnF2RpeOULyIVgKBPVVhEZz6ocbq6PHyjis
Rb9paATIJxDm0dHsAee0xnpYtpzn46/p6iWa35obUe6wdWfhdayCgqooVvW6iFax
G6yB9TZnlivN0wW4B46n
=k4hV
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic