Launchpad.net

CVE 2010-3092

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

Related bugs and status

CVE-2010-3092 (Candidate) is related to these bugs:

Bug #539056: backport security fixes from 6.19 and 5.23

		In	Importance	Status
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Hardy)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Hardy)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Jaunty)	Undecided	Won't Fix
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Jaunty)	Undecided	Won't Fix
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Karmic)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Karmic)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Lucid)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Lucid)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Maverick)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3092

Related bugs and status

Related bugs

References