[Pkg-electronics-devel] Bug#887488: openocd: CVE-2018-5704 cross protocol scripting attack
Guido Günther
agx at sigxcpu.org
Wed Jan 17 09:50:44 UTC 2018
Package: openocd
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: grave
Tags: important
Hi,
the following vulnerability was published for openocd.
CVE-2018-5704[0]:
| Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use
| HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote
| attackers to conduct cross-protocol scripting attacks, and consequently
| execute arbitrary commands, via a crafted web site.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-5704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5704
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-electronics-devel
mailing list