Package: logwatch
Version: 6.1.2-1
Severity: normal
Tags: patch

The script 'http' uses '/../../../' as an exploit-pattern. This causes things like '/dat/cjf/00/20/38/13.js' to match (which aren't exploits). Attached patch changes this to '/\.\./\.\./\.\./' which fixes this problem.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-4
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logwatch depends on:
ii  mailx  1:8.1.2-0.20050715cvs-1  A simple mail user agent
ii  perl   5.8.7-4                  Larry Wall's Practical Extraction

logwatch recommends no packages.

-- no debconf information

diff -ur logwatch-6.1.2.debian/scripts/services/http logwatch-6.1.2/scripts/services/http --- logwatch-6.1.2.debian/scripts/services/http 2005-06-14 07:16:17.000000000 +0200 +++ logwatch-6.1.2/scripts/services/http 2005-08-19 09:54:52.209780234 +0200 @@ -250,7 +250,7 @@ # my @exploits = ( 'null', - '/../../../', + '/\.\./\.\./\.\./', '../../config.sys', '/../../../autoexec.bat', '/../../windows/user.dat',
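
Review bot: The neighbouring entries in this hunk's context ('../../config.sys', '/../../../autoexec.bat', '/../../windows/user.dat') still contain bare '.' characters, so if the @exploits entries are applied as regular expressions, as the false match in the report implies, each of those dots also matches any character and the same class of false positive remains for them. Consider escaping the dots in the remaining entries in the same change, or keeping the list as literal strings and applying quotemeta (\Q...\E) at the point where the entries are matched, so future additions do not need hand escaping.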