py-foolscap -- local file inclusion

ID 09FFF0D9-4126-11E5-9F01-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2014-09-23T00:00:00


Brian Warner reports:

The "flappserver" feature was found to have a vulnerability in the service-lookup code which, when combined with an attacker who has the ability to write files to a location where the flappserver process could read them, would allow that attacker to obtain control of the flappserver process.