Gentoo Foundation, GLSA-200408-09
Aug 11, 2004 - 12:00 a.m.

Roundup: Filesystem access vulnerability

security.gentoo.org

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.015 Low (Percentile: 86.9%)

Background

Roundup is a simple-to-use issue-tracking system with command-line, web, and e-mail interfaces.

Description

Improper handling of a specially crafted URL allows access to the server’s filesystem, which could contain sensitive information.

Impact

An attacker could view files owned by the user running Roundup. However, this will never be root, as Roundup will not run as root.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Roundup.

Resolution

All Roundup users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=www-apps/roundup-0.7.6"
 # emerge ">=www-apps/roundup-0.7.6"

OS      Version  Architecture  Package           Version   Filename
Gentoo  any      all           www-apps/roundup  <= 0.6.4  UNKNOWN
