Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-2265

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Related bugs and status

CVE-2009-2265 (Candidate) is related to these bugs:

Bug #396551: Sync fckeditor 1:2.6.4.1-1 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	396551	Sync fckeditor 1:2.6.4.1-1 (universe) from Debian unstable (main).		fckeditor (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://isc.sans.org/di...
MISC: http://www.ocert.org/a...
SECTRACK: 1022513
MLIST: [Zope-dev] 20090706 zo...
CONFIRM: http://sourceforge.net...
DEBIAN: DSA-1836
SECUNIA: 35833
VUPEN: ADV-2009-1813
VUPEN: ADV-2009-1825
FEDORA: FEDORA-2009-7761
FEDORA: FEDORA-2009-7794
SECUNIA: 35909
BUGTRAQ: 20090703 [oCERT-2009-0...
MISC: http://packetstormsecu...