Martin Schulze wrote:
> Package: jsboard
> Version: 2.0.10-2
> Severity: grave
> Tags: sarge sid security patch
> 
> Please fix the directory traversal vulnerability.
> 
> http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
> 
> Details
> =======
> PHP has a feature discarding the input values containing null characters
> when magic_quotes_gpc = off. Because JSBoard session.php doesn't sanitize
> the $table variable, a malicious attacker can read arbitrary files.
> 
> ---
> include_once "include/print.php";
> parse_query_str();
> $opt = $table ? "&table=$table" : "";
> $opts = $table ? "?table=$table" : "";
> ...snip...
> ---
> 
> This is CAN-2005-0300
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0300
> 
> Reference: BUGTRAQ:20050120 STG Security Advisory: [SSA-20050120-22] JSBoard 
> file disclosure
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
> Reference: BID:12319
> Reference: URL:http://www.securityfocus.com/bid/12319
> Reference: XF:jsboard-session-file-include(18990)
> Reference: URL:http://xforce.iss.net/xforce/xfdb/18990

Wasn't this fixed in version 2.0.10-1?

-- 
see shy jo
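
Added example, not part of the original thread and not JSBoard's own code: one way to validate a request-supplied table name before it reaches a file path, rejecting the null-byte and traversal inputs the advisory describes. The function names, the allowlist character set, and the assumption that `$table` is later used to build a path under a per-board data directory are all hypothetical.

```php
<?php
// Added example. safe_table_name() and table_config_path() are hypothetical helpers.

/**
 * Return $table if it is a safe board identifier, otherwise null.
 * Allowlist (assumed): letters, digits, underscore, hyphen; 1 to 32 characters.
 */
function safe_table_name($table)
{
    if (!is_string($table)) {
        return null; // arrays such as table[]=x are rejected
    }
    // \A and \z anchor the whole string; unlike $, \z does not accept a
    // trailing newline. A null byte is outside the class, so it is rejected.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $table) !== 1) {
        return null;
    }
    return $table;
}

/**
 * Resolve "<baseDir>/<table>.php", or return null if the name is invalid,
 * the file does not exist, or the resolved path leaves $baseDir (symlinks).
 */
function table_config_path($baseDir, $table)
{
    $name = safe_table_name($table);
    $base = realpath($baseDir);
    if ($name === null || $base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs: two ordinary names, then values that must be refused.
$samples = array('notice', 'qna_2005', '../../etc/passwd', "notice\0.php",
                 "notice\n", '', array('x'));
foreach ($samples as $s) {
    $verdict = safe_table_name($s) === null ? 'rejected' : 'accepted';
    printf("%-24s => %s\n", json_encode($s), $verdict);
}
```

The validation belongs at the point where the request value is first read, so every later use of the name (links, includes, file reads) sees only the checked value.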
