retitle 399169 torrentflux: create/delete/overwrite arbitrary files tags 399169 + pending thanks
Thanks for the report Stefan, your vigilance is much appreciated. Unfortunately the report from secunia is poorly titled, and some of it doesn't apply to the Debian package, so I'll include some more info below for those interested. On 11/18/06, Stefan Fritsch <[EMAIL PROTECTED]> wrote:
1) Input passed to the "kill" parameter in index.php is not properly sanitised before being used as the command line argument to the "kill" command. This can be exploited to inject arbitrary shell commands via the ";" character.
This doesn't apply to the current version (2.1-5), as it has had this input sanitized in fixing a previous 2.1 bug.
2) Input passed to the "delfile" or "alias_file" parameters in index.php is not properly sanitised before being used to delete, create or overwrite files. The "delfile" parameter can be exploited to delete arbitrary files. The "alias_file" parameter can be exploited to create or overwrite arbitrary files, but an attacker cannot control what data will be written to them.
This does apply to the current version, and will be fixed in the next version (2.1-6).
Successful exploitation requires valid user credentials.
None of these is very serious, as all require a registered user to exploit the hack. Cameron -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
