Giuseppe Iuculano
2009-Dec-26 17:36 UTC
[Secure-testing-team] Bug#562634: CVE-2009-4412: Unrestricted file upload vulnerability
Package: serendipity
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for serendipity.

CVE-2009-4412[0]:
| Unrestricted file upload vulnerability in Serendipity before 1.5
| allows remote authenticated users to execute arbitrary code by
| uploading a file with an executable extension followed by a safe
| extension, then accessing it via a direct request to the file in an
| unspecified directory. NOTE: some of these details are obtained from
| third party information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4412
    http://security-tracker.debian.org/tracker/CVE-2009-4412
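
The CVE text above describes a name with an executable extension followed by a safe one. As an added example (not Serendipity's code and not part of the original message), a PHP upload-name check that inspects every dot-separated segment instead of only the last; the function names and both extension lists are assumptions.

```php
<?php
// Added example: not Serendipity code. Function names and both lists are assumptions.

// Extensions a web server might hand to an interpreter (assumed list, tune per deployment).
const BLOCKED_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                          'pl', 'py', 'cgi', 'asp', 'aspx', 'jsp', 'sh', 'htaccess'];
// The only final extensions this hypothetical upload feature accepts.
const ALLOWED_FINAL = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/** Returns null if the client-supplied name is acceptable, else a rejection reason. */
function check_upload_name(string $name): ?string
{
    // Refuse control bytes such as NUL, then discard any client-supplied directory part.
    if (preg_match('/[\x00-\x1f]/', $name)) {
        return 'control character in name';
    }
    $base = basename(str_replace('\\', '/', $name));
    // "report.php.jpg" -> stem "report", segments ["php", "jpg"].
    $segments = explode('.', strtolower($base));
    array_shift($segments);
    if ($segments === []) {
        return 'no extension';
    }
    if (!in_array(end($segments), ALLOWED_FINAL, true)) {
        return 'final extension not on the allow list';
    }
    // The check a last-extension-only filter misses: look at every segment.
    foreach ($segments as $segment) {
        if (in_array(trim($segment), BLOCKED_SEGMENTS, true)) {
            return "executable extension \"$segment\" inside the name";
        }
    }
    return null;
}

/** Server-chosen storage name: random stem plus the single validated extension. */
function stored_name(string $name): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
foreach (['holiday.jpg', 'report.php.jpg', 'x.PHTML.png', '.htaccess', 'notes.txt'] as $n) {
    $why = check_upload_name($n);
    echo str_pad($n, 16), $why === null ? 'accept as ' . stored_name($n) : "reject: $why", "\n";
}
```

Storing the file under the server-chosen name means a multi-extension name supplied by the client never reaches a directory the web server serves.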