Bug#1059451: opennds: CVE-2023-38313 CVE-2023-38314 CVE-2023-38315 CVE-2023-38316 CVE-2023-38320 CVE-2023-38322 CVE-2023-38324
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 25 21:52:54 GMT 2023
Source: opennds
Version: 9.10.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for opennds.
CVE-2023-38313[0]:
| An issue was discovered in OpenNDS Captive Portal before 10.1.2. it
| has a do_binauth NULL pointer dereference that can be triggered with
| a crafted GET HTTP request with a missing client redirect query
| string parameter. Triggering this issue results in crashing openNDS
| (a Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.
CVE-2023-38314[1]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a NULL pointer dereference in preauthenticated() that
| can be triggered with a crafted GET HTTP request with a missing
| redirect query string parameter. Triggering this issue results in
| crashing OpenNDS (a Denial-of-Service condition).
CVE-2023-38315[2]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a try_to_authenticate NULL pointer dereference that
| can be triggered with a crafted GET HTTP with a missing client token
| query string parameter. Triggering this issue results in crashing
| OpenNDS (a Denial-of-Service condition).
CVE-2023-38316[3]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. When the custom unescape callback is enabled, attackers can
| execute arbitrary OS commands by inserting them into the URL portion
| of HTTP GET requests.
CVE-2023-38320[4]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a show_preauthpage NULL pointer dereference that can
| be triggered with a crafted GET HTTP with a missing User-Agent
| header. Triggering this issue results in crashing OpenNDS (a Denial-
| of-Service condition).
CVE-2023-38322[5]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a do_binauth NULL pointer dereference that be
| triggered with a crafted GET HTTP request with a missing User-Agent
| HTTP header. Triggering this issue results in crashing OpenNDS (a
| Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.
CVE-2023-38324[6]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It allows users to skip the splash page sequence when it is
| using the default FAS key and when OpenNDS is configured as FAS
| (default).
[7] contains the report, and these issues are fixed in v10.1.2
upstream. Note two more are fixed in 10.1.3 (separate bug for it
coming to separate the CVEs) and a set of CVEs are apparently yet
unresolved.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-38313
https://www.cve.org/CVERecord?id=CVE-2023-38313
[1] https://security-tracker.debian.org/tracker/CVE-2023-38314
https://www.cve.org/CVERecord?id=CVE-2023-38314
[2] https://security-tracker.debian.org/tracker/CVE-2023-38315
https://www.cve.org/CVERecord?id=CVE-2023-38315
[3] https://security-tracker.debian.org/tracker/CVE-2023-38316
https://www.cve.org/CVERecord?id=CVE-2023-38316
[4] https://security-tracker.debian.org/tracker/CVE-2023-38320
https://www.cve.org/CVERecord?id=CVE-2023-38320
[5] https://security-tracker.debian.org/tracker/CVE-2023-38322
https://www.cve.org/CVERecord?id=CVE-2023-38322
[6] https://security-tracker.debian.org/tracker/CVE-2023-38324
https://www.cve.org/CVERecord?id=CVE-2023-38324
[7] https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
[8] https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9
Regards,
Salvatore
More information about the Debian-edu-pkg-team
mailing list