thr3ads.net - Secure testing team - [Secure-testing-team] Bug#538722: CVE-2009-2265: fckeditor is embedded in etch version [Jul 2009]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2009-Jul-26 14:38 UTC

[Secure-testing-team] Bug#538722: CVE-2009-2265: fckeditor is embedded in etch version

Package: knowledgeroot
Version: 0.9.7.3-2
Severity: serious
Tags: security etch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for fckeditor.

CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor before
| 2.6.4.1 allow remote attackers to create executable files in arbitrary
| directories via directory traversal sequences in the input to
| unspecified connector modules, as exploited in the wild for remote
| code execution in July 2009, related to the file browser and the
| editor/filemanager/connectors/ directory.


fckeditor is embedded in knowledgeroot (etch version).

Please coordinate with the security team (team at security.debian.org) to
prepare packages for the oldstable releases.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265
    http://security-tracker.debian.net/tracker/CVE-2009-2265

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpsam0ACgkQNxpp46476aqexgCdGm4PscVpzOu7W9wNNdoggGnQ
lW8AoICkb34/DFw4fXdebU5UrpO6fZVp
=T2Y8
-----END PGP SIGNATURE-----

Secure testing team - Jul 2009 - Bug#538722: CVE-2009-2265: fckeditor is embedded in etch version

[Secure-testing-team] Bug#538722: CVE-2009-2265: fckeditor is embedded in etch version