Red Hat Bugzilla – Bug 1121497
CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws
Last modified: 2017-02-01 03:18:35 EST
CVE-2008-4796 describes a command execution flaw in the Snoopy library. A similar fix exists for headers: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 The header fix has been assigned CVE-2008-7313 (as an incomplete fix for CVE-2008-4796). It was later reported that the CVE-2008-4796 fix was incomplete and command execution was still possible: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/ And fixed with the following: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28 This has been assigned CVE-2014-5008 (as an incomplete fix for CVE-2008-4796). However, the CVE-2014-5008 fix was also incomplete: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706 This was fixed with the following: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.29 And assigned CVE-2014-5009 (as an incomplete fix for CVE-2014-5008). References: http://www.openwall.com/lists/oss-security/2014/07/09/11
> This was fixed with the following: > > http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class. > php?view=log#rev1.29 and further corrected in the subsequent commits > > And assigned CVE-2014-5009 (as an incomplete fix for CVE-2014-5008).
Created sahana tracking bugs for this issue: Affects: fedora-all [bug 1121501] Affects: epel-5 [bug 1121502]
Created wordpress-mu tracking bugs for this issue: Affects: epel-5 [bug 1121503]
Created nagios tracking bugs for this issue: Affects: fedora-all [bug 1121499] Affects: epel-all [bug 1121500]
Nagios as included in storage and openstack does not appear to expose the vulnerable code. There is example code in the nagios src package that is vulnerable but it is not included in the built packages. There is only 2 places that the vulnerable code is reached in nagios: 1. rss-corefeed.php: 18 function do_corefeed_html() { 19 20 $url="http://www.nagios.org/backend/feeds/corepromo"; 21 $rss=fetch_rss($url); 2. rss-newsfeed.php: 16 function do_newsfeed_html() { 17 18 $url="http://www.nagios.org/backend/feeds/frontpage/"; 19 $rss=fetch_rss($url); Neither of these accept anything but static input.
This is now being fixed; reopening.
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:0214 https://rhn.redhat.com/errata/RHSA-2017-0214.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:0213 https://rhn.redhat.com/errata/RHSA-2017-0213.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2017:0212 https://rhn.redhat.com/errata/RHSA-2017-0212.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2017:0211 https://rhn.redhat.com/errata/RHSA-2017-0211.html