Launchpad.net

CVE 2007-5491

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

Related bugs and status

CVE-2007-5491 (Candidate) is related to these bugs:

Bug #175319: [sitebar] Several remote vulnerabilities

		In	Importance	Status
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu)	Undecided	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Debian)	Unknown	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Dapper)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Edgy)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Gutsy)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Hardy)	Undecided	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Feisty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.gentoo.or...
MISC: http://teamforge.net/v...
BID: 26126
GENTOO: GLSA-200711-05
SECUNIA: 27503
DEBIAN: DSA-1423
SECUNIA: 28008
VUPEN: ADV-2007-3768