Package: logwatch
Version: 6.1.2-1
Severity: normal
Tags: patch
The script 'http' uses '/../../../' as an exploit pattern.
This causes things like '/dat/cjf/00/20/38/13.js' to match (which aren't
exploits).
The attached patch changes this to '/\.\./\.\./\.\./', which fixes this
problem.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-4
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logwatch depends on:
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii perl 5.8.7-4 Larry Wall's Practical Extraction
logwatch recommends no packages.
-- no debconf information
diff -ur logwatch-6.1.2.debian/scripts/services/http
logwatch-6.1.2/scripts/services/http
--- logwatch-6.1.2.debian/scripts/services/http 2005-06-14 07:16:17.000000000
+0200
+++ logwatch-6.1.2/scripts/services/http 2005-08-19 09:54:52.209780234
+0200
@@ -250,7 +250,7 @@
#
my @exploits = (
'null',
- '/../../../',
+ '/\.\./\.\./\.\./',
'../../config.sys',
'/../../../autoexec.bat',
'/../../windows/user.dat',
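Review bot: the unescaped-dot problem this hunk fixes for '/../../../' is still present in the neighbouring entries the hunk leaves unchanged, e.g. '../../config.sys', '/../../../autoexec.bat' and '/../../windows/user.dat'; if these entries are used as regular expressions, '../../config.sys' will also match a path such as '/ab/cd/configXsys'. Consider escaping the dots in every entry of @exploits, or applying quotemeta to each entry where the match is performed, instead of hand-escaping one pattern.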
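As an added example (not code from logwatch or from the bug report), the following Perl script compares the original pattern with the escaped one from the patch against a few constructed request paths, and shows quotemeta as the general way to treat every entry of the list as a literal string. The paths, the helper name `matches` and the shortened `@exploits` list are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example: why '/../../../' over-matches as a regex, and what the
# escaped form (and quotemeta) does differently. Not part of logwatch.
use strict;
use warnings;

# Constructed sample request paths (not taken from any real log).
my @paths = (
    '/dat/cjf/00/20/38/13.js',        # benign path quoted in the bug report
    '/cgi-bin/../../../etc/passwd',   # directory-traversal attempt
    '/images/logo.png',               # benign
    '/../../../autoexec.bat',         # traversal attempt from the list
);

# Before the patch: an unescaped '.' matches any character, so the pattern
# really means "slash, two characters, slash, two, slash, two, slash" and
# matches '/00/20/38/' in the benign path above.
my $old = '/../../../';

# After the patch: '\.' matches only a literal dot, so only a real '..'
# component sequence matches.
my $new = '/\.\./\.\./\.\./';

# Returns 1 if $path matches the regex in $pattern, 0 otherwise.
sub matches {
    my ($pattern, $path) = @_;
    return $path =~ m{$pattern} ? 1 : 0;
}

for my $p (@paths) {
    printf "%-32s old:%d new:%d\n", $p, matches($old, $p), matches($new, $p);
}

# A more general fix: quotemeta escapes every regex metacharacter, so the
# remaining entries that still contain unescaped dots are covered as well.
my @exploits = ('/../../../', '../../config.sys', '/../../../autoexec.bat');
my @literal  = map { quotemeta } @exploits;

for my $p (@paths) {
    my @hits = grep { matches($_, $p) } @literal;
    printf "%-32s literal hits:%d\n", $p, scalar @hits;
}
```

Run it as `perl check_exploit_patterns.pl` (hypothetical file name); the first loop shows the benign '/dat/cjf/00/20/38/13.js' path matching only the old pattern, while the traversal attempts match both, and the second loop shows that quotemeta gives the same literal-only behaviour for the whole list without hand-escaping each entry.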