[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE requests - Contact Form 7, eZPublish (EZSA-2015-001), Prestashop
From:       us3r777 <us3r777 () n0b0 ! so>
Date:       2015-09-22 16:51:01
Message-ID: 560186F5.5010909 () n0b0 ! so
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Could a CVE please be assigned to these issues ?

Issue 1:
Software: Contact Form 7 (Wordpress plugin)
Type of vulnerability: The Captcha is predictible using seed recovery
attack (mt_rand)
Exploitation vectors: The plugin use the output of mt_rand() function
as a prefix for the Captcha filename. These outputs can be used to
recover the initial seed, which can be used to predict the content of
the Captcha.
Attack outcome: The captcha functionnality can be totally bypass.
Patch:
https://github.com/wp-plugins/contact-form-7/commit/6e75a825829b00c2f645
acc67ea14ccfd7e54ceb
Bug entry: N/A
Security advisory: http://contactform7.com/2015/03/14/contact-form-7-411
/
Affected versions: Contact Form 7 < 4.1.1
Fixed versions: Contact Form 7 4.1.1 or higher
Already requested: Yes, via cve-assign@mitre.org, I never got any answer
Open source software request.

Issue 2:
Software: eZPublish
Type of vulnerability: Password recovery token predictible using seed
recovery attack.
Exploitation vectors: Using a valid user account a malicious user can
get outputs from mt_rand and predict another user token.
Attack outcome: A malicious user can get access to other users accounts.
Patch:
https://github.com/ezsystems/ezpublish-legacy/commit/5908d5ee65fec61ce0e
321d586530461a210bf2a
Bug entry: https://jira.ez.no/browse/EZP-24140 (not public)
Security advisory:
http://share.ez.no/community-project/security-advisories/ezsa-2015-001-p
otential-vulnerability-in-ez-publish-password-recovery
(partially public)
Affected versions: 4.5.0, 4.6.0, 4.7.0, 5.0, 5.1, 5.2, 2015.01, 5.3.4,
5.4.1.1
Fixed versions:  4.5 Maintenance, 4.6 Maintenance, 4.7 Maintenance,
5.0 Maintenance, 5.1 Maintenance, 5.2 Maintenance, 5.3.5, 5.4.2, 2015.03
Already requested: Yes, via cve-assign@mitre.org, I never got any answer
Open source software request.

Issue 3:
Software: Prestashop
Type of vulnerability: Password recovery token predictible using seed
recovery attack.
Exploitation vectors: Using a valid user account a malicious user can
get outputs from mt_rand and predict another user token and generated
password.
Attack outcome: A malicious user can get access to other users accounts.
Patch:
https://github.com/PrestaShop/PrestaShop/commit/dcb1f8000ecf474375933730
91ae56c4ffdf42ac
Bug entry: N/A
Security advisory:
https://www.prestashop.com/blog/en/prestashop-security-release/
Affected versions: 1.4.x, 1.5.x, and 1.6.x up to 1.6.0.14.
Fixed versions: 1.4.11.1, 1.5.6.3 and 1.6.1.0
Already requested: Yes, via cve-assign@mitre.org, I never got any answer
Open source software request.

If you have any questions regarding this request, please do not
hesitate to contact me.

Gratefully,
Vincent Herbulot
@us3r777
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWAYbwAAoJEK8KESyNkKeinHEP/0j4Dd173WL5Ihjn+xYYC4qs
fEvmK5wTpPCKBw1iQ4ojxsqbYwcMq+nex8xDnEjDl+LJOoOv4p1uCyn1z6WSmNGz
1cMFM24w7xFpadOvuO6drRXZLTa+WDWl09pq8gHYVzZ0JXhpLCFeWpzefJZlVXI9
O1jvQZ24cSaYClLN3Z7WVDCtcdqy45VxvT981ea8lICwpFcjhs13IP1nf4U1Oxn5
+6tBERtXoufvfkqT0diVfQphAAjrVSi7zJgDzFAR3w4lkGkafMurFjzVgKdJmMgZ
XvXtJgLnHVd6TIOD1EJkFfUHLeoHF+CP3/TbcyjH6AVkFp84MFloI8Ep2H6coaHT
yeGKpeXbj6qxmz1FKDknVaJWcVInq340iQOW52XVt0qQRCKyZvNMsbpN5poVjw64
DOY9uMiNLeRrb314TSkL0fPrtzX/T9iPJv0lrTfty1OptqwMHM0/tHJ8O1+Mf9O0
RerUeCH53Ys3bVKN6HFwJl4Ozoy+cstlHYBmFECIRm8QblJNRV2WqwwzX1q+mXAZ
PRB2Wm4pI3KjPbq78vcU4r6wKDq25edJorlGYXg9oKQBKHuXqGpKrtJDymHHtrLe
idCI2C3kdgBPTMszASCWm8VdGgjHaExILEYftmboyLZQpUOaYLQTd7+Nkj8kgCy0
9AcwVPCM18wvERQFy5yM
=ueBr
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]