Debian Bug report logs -
#1059451
opennds: CVE-2023-38313 CVE-2023-38314 CVE-2023-38315 CVE-2023-38316 CVE-2023-38320 CVE-2023-38322 CVE-2023-38324
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>:
Bug#1059451; Package src:opennds.
(Mon, 25 Dec 2023 21:57:14 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>.
(Mon, 25 Dec 2023 21:57:14 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: opennds
Version: 9.10.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerabilities were published for opennds.
CVE-2023-38313[0]:
| An issue was discovered in OpenNDS Captive Portal before 10.1.2. it
| has a do_binauth NULL pointer dereference that can be triggered with
| a crafted GET HTTP request with a missing client redirect query
| string parameter. Triggering this issue results in crashing openNDS
| (a Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.
CVE-2023-38314[1]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a NULL pointer dereference in preauthenticated() that
| can be triggered with a crafted GET HTTP request with a missing
| redirect query string parameter. Triggering this issue results in
| crashing OpenNDS (a Denial-of-Service condition).
CVE-2023-38315[2]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a try_to_authenticate NULL pointer dereference that
| can be triggered with a crafted GET HTTP with a missing client token
| query string parameter. Triggering this issue results in crashing
| OpenNDS (a Denial-of-Service condition).
CVE-2023-38316[3]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. When the custom unescape callback is enabled, attackers can
| execute arbitrary OS commands by inserting them into the URL portion
| of HTTP GET requests.
CVE-2023-38320[4]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a show_preauthpage NULL pointer dereference that can
| be triggered with a crafted GET HTTP with a missing User-Agent
| header. Triggering this issue results in crashing OpenNDS (a Denial-
| of-Service condition).
CVE-2023-38322[5]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a do_binauth NULL pointer dereference that be
| triggered with a crafted GET HTTP request with a missing User-Agent
| HTTP header. Triggering this issue results in crashing OpenNDS (a
| Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.
CVE-2023-38324[6]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It allows users to skip the splash page sequence when it is
| using the default FAS key and when OpenNDS is configured as FAS
| (default).
[7] contains the report, and these issues are fixed in v10.1.2
upstream. Note two more are fixed in 10.1.3 (separate bug for it
coming to separate the CVEs) and a set of CVEs are apparently yet
unresolved.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-38313
https://www.cve.org/CVERecord?id=CVE-2023-38313
[1] https://security-tracker.debian.org/tracker/CVE-2023-38314
https://www.cve.org/CVERecord?id=CVE-2023-38314
[2] https://security-tracker.debian.org/tracker/CVE-2023-38315
https://www.cve.org/CVERecord?id=CVE-2023-38315
[3] https://security-tracker.debian.org/tracker/CVE-2023-38316
https://www.cve.org/CVERecord?id=CVE-2023-38316
[4] https://security-tracker.debian.org/tracker/CVE-2023-38320
https://www.cve.org/CVERecord?id=CVE-2023-38320
[5] https://security-tracker.debian.org/tracker/CVE-2023-38322
https://www.cve.org/CVERecord?id=CVE-2023-38322
[6] https://security-tracker.debian.org/tracker/CVE-2023-38324
https://www.cve.org/CVERecord?id=CVE-2023-38324
[7] https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
[8] https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9
Regards,
Salvatore
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Dec 26 08:19:09 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon