Bug 852847 - (CVE-2013-6404) VUL-0: CVE-2013-6404: quassel: manipulated clients can access backlog of all users on a shared core
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Minor
Target Milestone: ---
Assigned To: Antonio Larrosa
QA Contact: Security Team bot
Depends on:
Blocks:
Reported: 2013-11-28 14:44 UTC by Victor Pereira
Modified: 2015-02-18 23:01 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Victor Pereira 2013-11-28 14:44:30 UTC
CVE-2013-6404

A Quassel core (server daemon) supports being used by multiple users, who all have independent settings, backlog and so on. The backlog is stored in a database shared by all users on a Quassel core, tagged with a user ID. However, some SQL queries didn't check for the correct user ID being provided. An authenticated malicious user with a custom client could access the backlog of all users.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6404
https://bugzilla.redhat.com/show_bug.cgi?id=1035577
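As an added illustration of the query flaw the description refers to (example code, not Quassel's own code or database schema): a backlog lookup keyed only on a client-supplied buffer id, beside one that also binds the authenticated session's user id. The table and column names and the sample rows are constructed for the example.

```python
import sqlite3

# Constructed, simplified schema standing in for a shared multi-user core database.
# Hypothetical table/column names; not Quassel's actual schema.
def make_core_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE buffer  (bufferid INTEGER PRIMARY KEY, userid INTEGER NOT NULL, name TEXT);
        CREATE TABLE backlog (messageid INTEGER PRIMARY KEY, bufferid INTEGER NOT NULL, message TEXT);
        INSERT INTO buffer  VALUES (1, 100, '#alice-private'), (2, 200, '#bob-private');
        INSERT INTO backlog VALUES (1, 1, 'alice secret 1'), (2, 1, 'alice secret 2'),
                                   (3, 2, 'bob secret 1');
    """)
    return db

def backlog_unscoped(db, bufferid, limit=50):
    # Vulnerable pattern: bufferid comes from the client and the query never checks
    # which user owns that buffer, so any authenticated user can read any buffer.
    rows = db.execute(
        "SELECT message FROM backlog WHERE bufferid = ? ORDER BY messageid DESC LIMIT ?",
        (bufferid, limit))
    return [r[0] for r in rows]

def backlog_scoped(db, userid, bufferid, limit=50):
    # Hardened pattern: the user id of the authenticated session (never a value the
    # client sends) is bound into the query, so a foreign bufferid returns nothing.
    rows = db.execute(
        "SELECT b.message FROM backlog b JOIN buffer f ON f.bufferid = b.bufferid "
        "WHERE b.bufferid = ? AND f.userid = ? ORDER BY b.messageid DESC LIMIT ?",
        (bufferid, userid, limit))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_core_db()
    # Session for user 200 requests buffer 1, which belongs to user 100.
    print(backlog_unscoped(db, 1))      # leaks user 100's backlog
    print(backlog_scoped(db, 200, 1))   # []
    print(backlog_scoped(db, 100, 1))   # owner still sees their own backlog
```

The fix is the same whichever query is affected: every backlog or buffer query on a shared core must carry the session's user id as a predicate, not trust identifiers chosen by the client.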
Comment 1 Swamp Workflow Management 2013-11-29 23:00:08 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2013-12-10 15:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (852847) was mentioned in
https://build.opensuse.org/request/show/210377 13.1 / quassel
Comment 3 Antonio Larrosa 2013-12-10 15:23:26 UTC
Note that Factory already contains Quassel 0.9.2 which has this vulnerability fixed, so maybe it's easier to just update to this version.
Comment 4 Bernhard Wiedemann 2013-12-11 14:00:27 UTC
This is an autogenerated message for OBS integration:
This bug (852847) was mentioned in
https://build.opensuse.org/request/show/210554 13.1 / quassel
Comment 5 Antonio Larrosa 2013-12-18 11:17:41 UTC
The patch was accepted for openSUSE:13.1:Update and factory already has a fixed 0.9.2, so I'm marking this bug as resolved.
Comment 6 Swamp Workflow Management 2013-12-23 14:05:20 UTC
openSUSE-SU-2013:1929-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 852847
CVE References: CVE-2013-6404
Sources used:
openSUSE 13.1 (src):    quassel-0.9.1-8.2