List: oss-security
Subject: [oss-security] Re: CVE request: Fat Free CRM multiple vulnerabilities
From: cve-assign () mitre ! org
Date: 2013-12-31 14:57:52
Message-ID: 201312311458.rBVEvqC7006687 () linus ! mitre ! org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I can confirm for issue 3 that the disclosure also involves to_xml.
> Please assign the additional CVE ID.
Use CVE-2013-7249.
> Re: denial of service, I don't believe this is an issue as the exploit
> only relates to read operations.
OK, there is no CVE assignment for this. Just for clarification, the
"denial of service" theory was related to:
https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328
specifically:
- resources :users, :id => /\d+/ do
+ resources :users, :id => /\d+/, :except => [:index, :destroy] do
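Review bot: the `:except => [:index, :destroy]` change prunes two routes but is not an authorization check; whether it closes any exposure depends on what the users controller enforced for `index` and `destroy` before, which this hunk does not show. The commit message should state why `:index` and `:destroy` are removed together, since this message treats the `:destroy` half as having no security effect. The `:id => /\d+/` constraint is unchanged.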
and:
- it "recognizes and generates #destroy" do
- { :delete => "/users/1" }.should route_to(:controller => "users", :action => "destroy", :id => "1")
+ it "doesn't recognize #destroy" do
+ { :delete => "/users/1" }.should_not be_routable
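Review bot: the replacement spec only asserts that `DELETE /users/1` is no longer routable; nothing shown covers the `:index` exclusion from the same change, so `GET /users` has no corresponding spec here. If the route removal is meant to enforce a policy rather than just drop dead routes, a controller-level spec on the response for the affected actions would document that intent better than a routing spec alone.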
in which a reader might infer that a "destroy" of some data associated
with a user account would be a denial of service.
Our understanding now is that the presence of ":destroy" in the added
code string:
, :except => [:index, :destroy]
does not prevent any type of attack, and therefore it is not a
vulnerability fix.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJSwtq0AAoJEKllVAevmvmsd7IH/1zw1OPyRZMnweFANOFheRMg
QfJxobXUXBHa30uZeRaOBujRNzx/ptTl0CrfyCSDpktcXQ803TW8MmfOCwEfzvym
8QtH41XTxkXDzVNujl5jtVCMCEw9+/zPYvvsRT9vrQPNp1F2cIkUxcggn3PGJ4Et
Exuo83rI5ciyWgPOdB/s748PhPNRPIw8rx5zahxw9fepsxNnlXngdpGmxa6dD4YU
NZ7pNjc2RpUq22gVcSks17/JnqetCrvkwmUgTHT0VbYhu/c+Zf7DUd/vL6uvkmxh
GUUJsmsP/oUwmWrw8a4m2/cKFYMjORsOYK1KU2IjhtezddiiysOtg6E/eEs1SZQ=
=RNUF
-----END PGP SIGNATURE-----