Source: opennds
Version: 9.10.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for opennds.

CVE-2023-38313[0]:
| An issue was discovered in OpenNDS Captive Portal before 10.1.2. It
| has a do_binauth NULL pointer dereference that can be triggered with
| a crafted GET HTTP request with a missing client redirect query
| string parameter. Triggering this issue results in crashing openNDS
| (a Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.

CVE-2023-38314[1]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a NULL pointer dereference in preauthenticated() that
| can be triggered with a crafted GET HTTP request with a missing
| redirect query string parameter. Triggering this issue results in
| crashing OpenNDS (a Denial-of-Service condition).

CVE-2023-38315[2]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a try_to_authenticate NULL pointer dereference that
| can be triggered with a crafted GET HTTP with a missing client token
| query string parameter. Triggering this issue results in crashing
| OpenNDS (a Denial-of-Service condition).

CVE-2023-38316[3]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. When the custom unescape callback is enabled, attackers can
| execute arbitrary OS commands by inserting them into the URL portion
| of HTTP GET requests.

CVE-2023-38320[4]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a show_preauthpage NULL pointer dereference that can
| be triggered with a crafted GET HTTP with a missing User-Agent
| header. Triggering this issue results in crashing OpenNDS (a
| Denial-of-Service condition).

CVE-2023-38322[5]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a do_binauth NULL pointer dereference that can be
| triggered with a crafted GET HTTP request with a missing User-Agent
| HTTP header. Triggering this issue results in crashing OpenNDS (a
| Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.

CVE-2023-38324[6]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It allows users to skip the splash page sequence when it is
| using the default FAS key and when OpenNDS is configured as FAS
| (default).

[7] contains the report, and these issues are fixed in v10.1.2 upstream.
Note two more are fixed in 10.1.3 (separate bug for it coming to
separate the CVEs) and a set of CVEs are apparently yet unresolved.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38313
    https://www.cve.org/CVERecord?id=CVE-2023-38313
[1] https://security-tracker.debian.org/tracker/CVE-2023-38314
    https://www.cve.org/CVERecord?id=CVE-2023-38314
[2] https://security-tracker.debian.org/tracker/CVE-2023-38315
    https://www.cve.org/CVERecord?id=CVE-2023-38315
[3] https://security-tracker.debian.org/tracker/CVE-2023-38316
    https://www.cve.org/CVERecord?id=CVE-2023-38316
[4] https://security-tracker.debian.org/tracker/CVE-2023-38320
    https://www.cve.org/CVERecord?id=CVE-2023-38320
[5] https://security-tracker.debian.org/tracker/CVE-2023-38322
    https://www.cve.org/CVERecord?id=CVE-2023-38322
[6] https://security-tracker.debian.org/tracker/CVE-2023-38324
    https://www.cve.org/CVERecord?id=CVE-2023-38324
[7] https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
[8] https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9

Regards,
Salvatore
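
Added example, not part of the original report and not openNDS code: the five NULL pointer dereference CVEs listed above share one pattern, a handler using a query string parameter or header that the client never sent. The C code below shows the defensive check for that pattern; the struct layout, the function names and the parameter names `token` and `redirect` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed HTTP request; not openNDS's own types. */
struct kv { const char *key; const char *value; };
struct request {
    const struct kv *args;    size_t n_args;     /* query-string parameters */
    const struct kv *headers; size_t n_headers;  /* HTTP headers */
};

/* Returns the value for key, or NULL when the client did not send it. */
static const char *lookup(const struct kv *set, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].key, key) == 0)
            return set[i].value;
    return NULL;
}

/* Hypothetical authentication handler; returns an HTTP status code. Each
 * client-supplied field is checked before use, so a request that omits
 * one gets 400 instead of crashing the daemon on a NULL pointer. */
int handle_auth(const struct request *req)
{
    const char *token    = lookup(req->args, req->n_args, "token");     /* assumed name */
    const char *redirect = lookup(req->args, req->n_args, "redirect");  /* assumed name */
    const char *agent    = lookup(req->headers, req->n_headers, "User-Agent");

    if (token == NULL || redirect == NULL || agent == NULL)
        return 400;   /* field absent: reject before any dereference */
    if (token[0] == '\0' || strlen(redirect) > 2048)
        return 400;   /* present but empty or oversized (2048 is an arbitrary cap) */
    return 200;
}

/* Constructed sample requests (not captured traffic). */
static const struct kv full_args[]   = { {"token", "a1b2c3"}, {"redirect", "http://example.com/"} };
static const struct kv no_redirect[] = { {"token", "a1b2c3"} };
static const struct kv no_token[]    = { {"redirect", "http://example.com/"} };
static const struct kv agent_hdr[]   = { {"User-Agent", "test-client"} };
const struct request sample_complete    = { full_args, 2, agent_hdr, 1 };
const struct request sample_no_redirect = { no_redirect, 1, agent_hdr, 1 };
const struct request sample_no_token    = { no_token, 1, agent_hdr, 1 };
const struct request sample_no_agent    = { full_args, 2, NULL, 0 };

int main(void)
{
    printf("%d %d %d %d\n", handle_auth(&sample_complete), handle_auth(&sample_no_redirect),
           handle_auth(&sample_no_token), handle_auth(&sample_no_agent));
    return 0;
}
```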