lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 18 Jun 2013 03:44:54 +0000
From: "Cantor, Scott" <cantor.2@....edu>
To: "security@...che.org" <security@...che.org>,
 "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
 "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: CVE-2013-2154: Apache Santuario C++ stack
	overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A stack overflow, possibly leading to arbitrary code
execution, exists in the processing of malformed XPointer expressions
in the XML Signature Reference processing code.

An attacker could use this to exploit an application performing
signature verification if the application does not block the
evaluation of such references prior to performing the verification
step. The exploit would occur prior to the actual verification of
the signature, so does not require authenticated content.

Mitigation: Applications that do not otherwise prevent the evaluation of
XPointer expressions during signature verification and are using library
versions older than V1.7.1 should upgrade as soon as possible. Distributors
of older versions should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=revision&revision=r1493959

The first chunk of the patch to DSIGReference.cpp is the relevant portion.

Credit: This issue was reported by James Forshaw, Context Information
Security

References: http://santuario.apache.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iQIcBAEBCgAGBQJRv9OYAAoJEDeLhFQCJ3li8IgP/1kbxVPOdSXDqx4ER9oBU877
7Z8XwGw3vL1CUoyt1AWlElqJpgrUMP723fcLWJa3sfXiY6Pnp/+dxfiaoUCAa+OJ
qJS2/TUmc/1EwGc+hawvCJlItuKb7aOHhdPlOX3KuriTHnqnigTXkpF0n5oUd7Md
e0+XOIFcTpoudUUEfdiigBtJHBxv8Jfq3dvjCOD2aOpRCreEBEinykdxdXWX2onw
Ugj7b+FxH/d4eVSYS1vuIxLAVqJpgN4AlVV7kNzyp0ivPE3NgKYb946Kq5YNkYN3
Xj3uq+VW7NxWMzWn/Gl5GEgPGNdzTPVZ80dy/bOIw4dDUtA362axfO24I+Lmrobx
2/JhgeovwCbIrbeMVZOtWeSYoRFSFtf9WxKDVi+9a+53UtZOWCNhky48D9iU2OuA
fxEAeTmDH+Dx23w/bXezwI0X4l2hItBHd4+V59BP7p/90Vu3iBw9jez8lzQXWJ8G
hzUyxCdGN0hB3K+1pOesKTmD1zdy8u3L/FUz91gbB7ciivmvzsx5a5zB3BLzWSJF
3jgAwWaay4DZdL4YmCW3khr5xa05nR0LUqlS3xpTukrWfPqLdjJzBfeeDWWxMGib
N5dPaf+DMB9Q5TmLXb6j3tsEfCS+xqky+ryqsS8rGrrIcL1zW9HAlG+QELAC/t6q
bVctGmNMu7i+o9xXqUJ0
=7xZa
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ