Security advisory SA-2011-1 - Directory traversal vulnerability
- Advisory ID:
- SA-2011-1
- Version:
- < 0.7.6
- Security risk:
- Moderately critical
- Exploitable from:
- Remote
- Vulnerability:
- Directory traversal
Description
User input in the log in page is not properly validated by www/filesystem.store.inc
before looking for an identity file using the specified user name. This may lead to a directory traversal vulnerability where an attacker with write access to any part of the server can create an identity file and thus assert any identity URL the attacker can claim.
Versions affected
- All versions prior to 0.7.6
- SVN versions prior to revision 368
Solution
Install the latest version:
- Upgrade to version 0.7.6
Alternatively, apply the this patch to www/filesystem.store.inc
Reported by
Matt McCutchen