[Bug 281915] [NEW] [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file
Launchpad Bug Tracker
281915 at bugs.launchpad.net
Sat Oct 18 05:29:56 BST 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Sarah Hobbs (hobbsee):
Binary package hint: bugzilla
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
CVE-2008-4437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4437
** Affects: bugzilla (Ubuntu)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: In Progress
** Affects: bugzilla (Ubuntu Dapper)
Importance: Undecided
Status: Invalid
** Affects: bugzilla (Ubuntu Gutsy)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: In Progress
** Affects: bugzilla (Ubuntu Hardy)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: In Progress
** Affects: bugzilla (Ubuntu Intrepid)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: In Progress
** Affects: bugzilla (Debian)
Importance: Unknown
Status: Fix Released
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file
https://bugs.edge.launchpad.net/bugs/281915
You received this bug notification because you are a member of Ubuntu Sponsors for universe, which is a direct subscriber.