====================================================== Name: CVE-2013-2153 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130219 Category: Reference: FULLDISC:20130617 CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0140.html Reference: MISC:http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp?r1=1125514&r2=1493959&pathrev=1493959&diff_format=h Reference: CONFIRM:http://santuario.apache.org/secadv.data/CVE-2013-2153.txt Reference: DEBIAN:DSA-2710 Reference: URL:http://www.debian.org/security/2013/dsa-2710 The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." ====================================================== Name: CVE-2013-2154 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130219 Category: Reference: FULLDISC:20130617 CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0141.html Reference: MISC:http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp?r1=1125514&r2=1493959&pathrev=1493959&diff_format=h Reference: CONFIRM:http://santuario.apache.org/secadv.data/CVE-2013-2154.txt Reference: DEBIAN:DSA-2710 Reference: URL:http://www.debian.org/security/2013/dsa-2710 Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. ====================================================== Name: CVE-2013-2155 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130219 Category: Reference: FULLDISC:20130617 CVE-2013-2155: Apache Santuario C++ denial of service vulnerability Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0142.html Reference: MISC:http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h Reference: CONFIRM:http://santuario.apache.org/secadv.data/CVE-2013-2155.txt Reference: DEBIAN:DSA-2710 Reference: URL:http://www.debian.org/security/2013/dsa-2710 Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. ====================================================== Name: CVE-2013-2156 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130219 Category: Reference: FULLDISC:20130617 Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0143.html Reference: MISC:http://svn.apache.org/viewvc?view=revision&revision=1493961 Reference: CONFIRM:http://santuario.apache.org/secadv.data/CVE-2013-2156.txt Reference: DEBIAN:DSA-2710 Reference: URL:http://www.debian.org/security/2013/dsa-2710 Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. ====================================================== Name: CVE-2013-2210 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2210 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130219 Category: Reference: FULLDISC:20130626 CVE-2013-2210 Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html Reference: CONFIRM:http://santuario.apache.org/secadv.data/CVE-2013-2210.txt Reference: DEBIAN:DSA-2717 Reference: URL:http://www.debian.org/security/2013/dsa-2717 Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154. Reproducible: Steps to Reproduce:
Eh, he he he. Fixed by me Thu 27 Jun 2013. Memory like a gold fish. http://advisories.mageia.org/MGASA-2013-0193.html
Status: NEW => RESOLVEDResolution: (none) => FIXED