Security issue noted here:
--------------------------
http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev

Upstream patch:
---------------
http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/www/index.php?r1=1.83&r2=1.84

PoC:
----
http://sahana/index.php?stream=text&mod=/../../../../../../../../../../../etc/passwd%00

Further issue analysis by David Nalley:
---------------------------------------
The first issue would allow an attacker to touch/modify any file on the system. Essentially the issue is that get, post, and requests aren't sanitized or unescaped. Patches are outlined in the thread, and I am about to push updates to the package - documenting here.
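A defender-side check for the request pattern shown in the PoC, as an added example that is not part of the original bug report or the upstream patch: it scans web access-log lines for `mod` values that carry a NUL byte, `..` or a path separator. The log lines are constructed, and the rule that a valid module name is a short identifier is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Assumption: a legitimate module name is a short identifier such as "admin".
MODULE_NAME = re.compile(rb"[A-Za-z0-9_]{1,32}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKERS = (("null-byte", b"\x00"), ("dot-dot", b".."), ("path-separator", b"/"))

def check_mod(value: bytes) -> list:
    """Return why a decoded `mod` value is suspicious; an empty list means clean."""
    reasons = [name for name, marker in MARKERS if marker in value]
    if not reasons and not MODULE_NAME.fullmatch(value):
        reasons.append("not-a-module-name")
    return reasons

def scan_request(target: str) -> list:
    """Check every `mod` parameter in a request target like /index.php?mod=x."""
    findings = []
    for pair in urlsplit(target).query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_to_bytes(name) != b"mod":
            continue
        decoded = unquote_to_bytes(value.replace("+", " "))
        for _ in range(2):  # second pass catches double encoding (%252e%252e)
            findings += [r for r in check_mod(decoded) if r not in findings]
            decoded = unquote_to_bytes(decoded)
    return findings

def scan_log(lines) -> list:
    """Return (line_number, reasons) for each access-log line with a bad `mod`."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = scan_request(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Oct/2009:10:00:01 +0000] "GET /index.php?mod=admin&act=default HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Oct/2009:10:00:07 +0000] "GET /index.php?stream=text&mod=/../../../etc/passwd%00 HTTP/1.1" 200 1873',
    '192.0.2.44 - - [22/Oct/2009:10:00:09 +0000] "GET /index.php?mod=%252e%252e%252fconf HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for number, reasons in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

Only the query string is inspected here; parameters sent in a POST body do not appear in a standard access log and need the same check at the application or proxy layer.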
Pushed updates, requested push to stable in bodhi for F10, F11, and EL-5.
Filed ticket 2635 with Rel-Eng for tag into F12:
https://fedorahosted.org/rel-eng/ticket/2635#preview
CVE Requests:
-------------
http://www.openwall.com/lists/oss-security/2009/10/22/3
http://www.openwall.com/lists/oss-security/2009/10/22/4
This is CVE-2009-3625.
sahana-0.6.2.2-6.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
sahana-0.6.2.2-6.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
sahana-0.6.2.2-6.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.