[VIM] ack: Mambo Flyspray ME Component startdown.php file Variable Arbitrary File Access
Steven M. Christey
coley at linus.mitre.org
Tue Dec 26 21:24:03 EST 2006
On Tue, 26 Dec 2006, security curmudgeon wrote:
> CVE-2006-6203, OSVDB 30699
>
> A serious security risk was found in Flyspray ME 1.0.1 therefore we
> released a new version 1.0.2 today. See changelog.txt for details. We
> recommend updating the component instantly!
Looks like more than the original issue might have been handled.
The CHANGELOG.TXT in 1.0.2 says:
1.0.1 --> 1.0.2
---------------
- fixed a serious security risk in startdown.php as well as flyspray.php
and
admin.flyspray.php
(you only need to update the following files on your server:
- flyspray.xml
- startdown.php
- flyspray.php
- admin.flyspray.php
A diff between 1.0.1 and 1.0.2 shows that startdown.php was changed to
address the issue... so what about the others?
flyspray.xml only changes version information.
I can't instantly tell what's going on with flyspray.php and
admin.flyspray.php. The older versions retrieve a filename as recorded in
a database record, then test it using file_exists; but the update only
changes it to an is_file test. There doesn't seem to be any other change
that could be interpreted as sanity checking. It's not immediately clear
what issues are being addressed.
- Steve
More information about the VIM
mailing list