lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20151217140340.GX4273@ns360119.ovh.net>
Date: Thu, 17 Dec 2015 15:03:40 +0100
From: Daniele Bianco <danbia@...rt.org>
To: oss-security@...ts.openwall.com, ocert-announce@...ts.ocert.org,
  bugtraq@...urityfocus.com
Subject: [oCERT 2015-011] PyAMF input sanitization errors (XXE)


#2015-011 PyAMF input sanitization errors (XXE)

Description:

PyAMF is a Python module that implements the Action Message Format (AMF)
protocol, allowing Flash interoperation with various web frameworks.

PyAMF suffers from insufficient AMF input payload sanitization which
results in the XML parser not preventing the processing of XML external
entities (XXE).

A specially crafted AMF payload, containing malicious references to XML
external entities, can be used to trigger Denial of Service (DoS)
conditions or arbitrarily return the contents of files that are accessible
with the running application privileges.

Affected version:

PyAMF <= 0.7.2

Fixed version:

PyAMF >= 0.8.0

Credit: vulnerability reported by Nicolas Grégoire <nicolas [dot] gregoire [at] agarri [dot] fr>

CVE:

CVE-2015-8549

Timeline:

2015-12-01: vulnerability report received
2015-12-02: contacted maintainer
2015-12-04: maintainer commits patch via public pull request
2015-12-12: reporter confirms patch
2015-12-14: contacted affected vendors
2015-12-14: assigned CVE
2015-12-17: advisory release

References:

https://github.com/hydralabs/pyamf/pull/58

Permalink:

http://www.ocert.org/advisories/ocert-2015-011.html

--
  Daniele Bianco      Open Source Computer Security Incident Response Team
  <danbia@...rt.org>                                  http://www.ocert.org

  GPG Key 0x9544A497
  GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D  4AC5 AE75 822E 9544 A497

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ