[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file
Bug #281915 reported by Stefan Lesicnik
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
bugzilla (Debian) | Fix Released | Unknown | |
bugzilla (Ubuntu) | Fix Released | Undecided | Stefan Lesicnik |
Dapper | Invalid | Undecided | Unassigned |
Gutsy | Fix Released | Medium | Stefan Lesicnik |
Hardy | Fix Released | Medium | Stefan Lesicnik |
Intrepid | Fix Released | Medium | Stefan Lesicnik |
Bug Description
Binary package hint: bugzilla
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
CVE References: CVE-2008-4437
Changed in bugzilla:
- assignee: nobody → stefanlsd
- status: New → In Progress

Changed in bugzilla:
- status: Unknown → New

Changed in bugzilla:
- status: New → Fix Released

Changed in bugzilla:
- status: New → In Progress
- status: New → Invalid
- status: New → In Progress

Changed in bugzilla:
- assignee: nobody → stefanlsd
- assignee: nobody → stefanlsd
The patch is released by upstream and is a simple sanity check with regex to remove leading '/' from an open(). It was built and tested that the patch applies successfully.
https://bugzilla.mozilla.org/show_bug.cgi?id=437169 has the details and the patch.
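As an added example (not Bugzilla's code and not the upstream patch described above), the following Python shows a path-confinement check for a filename taken from an imported XML data element: it resolves the candidate against the configured attachment directory and rejects any result that lands outside it, which covers both `..` segments and absolute paths. The XML shape, the `attach_path` value and the function names are constructed for this illustration and are not Bugzilla's real importxml.pl schema.

```python
import os
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# Constructed sample input; the element layout is illustrative only.
SAMPLE_XML = """<bugzilla>
  <bug><attachment><data encoding="filename">../../etc/passwd</data></attachment></bug>
  <bug><attachment><data encoding="filename">report.txt</data></attachment></bug>
  <bug><attachment><data encoding="filename">/etc/shadow</data></attachment></bug>
</bugzilla>"""


def confine_to_attach_path(attach_path: str, name: str) -> Optional[str]:
    """Return the absolute path of `name` inside attach_path, or None if it escapes.

    A leading '/' is dropped (so an absolute name is treated as relative to the
    attachment directory), then realpath collapses `..` segments and symlinks and
    the result must still share attach_path as its prefix. The containment check
    is the decisive step: stripping '/' alone would not catch `../` sequences.
    """
    base = os.path.realpath(attach_path)
    candidate = os.path.realpath(os.path.join(base, name.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def attachment_names(xml_text: str) -> List[str]:
    """Collect every data element that claims to reference a file on disk."""
    root = ET.fromstring(xml_text)
    return [d.text or "" for d in root.iter("data") if d.get("encoding") == "filename"]


def triage(xml_text: str, attach_path: str) -> Dict[str, Optional[str]]:
    """Map each referenced name to its confined path, or None when rejected."""
    return {n: confine_to_attach_path(attach_path, n) for n in attachment_names(xml_text)}


if __name__ == "__main__":
    for name, resolved in triage(SAMPLE_XML, "/srv/attach").items():
        print(f"{name!r:24} -> {resolved if resolved else 'REJECTED (outside attach_path)'}")
```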