thr3ads.net - Secure testing team - [Secure-testing-team] Bug#596112: weborf: directory traversal discovered [Sep 2010]

If this information is useful, please help other people find it:
Share via:

Salvo Tomaselli

2010-Sep-08 17:47 UTC

[Secure-testing-team] Bug#596112: weborf: directory traversal discovered

Package: weborf
Version: 0.12.2-1
Severity: grave
Tags: security
Justification: user security hole

Directory traversal was discovered.
(i will publish the exploit later on)


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, ''unstable''), (500,
''experimental''), (500, ''testing'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34.6-era (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages weborf depends on:
ii  libc6                         2.11.2-5   Embedded GNU C Library: Shared lib

weborf recommends no packages.

Versions of packages weborf suggests:
ii  php5-cgi                      5.3.2-2    server-side, HTML-embedded scripti

-- no debconf information

Secure testing team - Sep 2010 - Bug#596112: weborf: directory traversal discovered

[Secure-testing-team] Bug#596112: weborf: directory traversal discovered