Joined: 12 May 2004
|Posted: Wed Jun 22, 2005 4:47 pm Post subject: [ GLSA 200506-21 ] Trac: File upload vulnerability
|Gentoo Linux Security Advisory
Title: Trac: File upload vulnerability (GLSA 200506-21)
Date: June 22, 2005
Trac may allow remote attackers to upload files, possibly leading to the
execution of arbitrary code.
Trac is a minimalistic web-based project management, wiki and bug
tracking system including a Subversion interface.
Vulnerable: < 0.8.4
Unaffected: >= 0.8.4
Architectures: All supported architectures
Stefan Esser of the Hardened-PHP project discovered that Trac
fails to validate the "id" parameter when uploading attachments to the
wiki or the bug tracking system.
A remote attacker could exploit the vulnerability to upload
arbitrary files to a directory where the webserver has write access to,
possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All Trac users should upgrade to the latest available version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4"
Hardened PHP Advisory 012005
Last edited by GLSA on Sun May 01, 2011 4:19 am; edited 3 times in total