Trac id Variable Arbitrary File Upload / Access

2005-06-19T00:00:00
ID OSVDB:17398
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2005-06-19T00:00:00

Description

Vulnerability Description

Trac contains a flaw that may allow a malicious user to upload and access arbitrary files. The issue is due to insufficient validation of the 'id' variable. An attacker can supply arbitrary paths to the attachment upload and viewer scripts, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.8.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Trac contains a flaw that may allow a malicious user to upload and access arbitrary files. The issue is due to insufficient validation of the 'id' variable. An attacker can supply arbitrary paths to the attachment upload and viewer scripts, resulting in a loss of integrity.
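As an added illustration of the mitigation (this is not Trac's own code or the fix shipped in 0.8.4), the check below builds an attachment path only from components restricted to a safe character set and then confirms the resolved path still lies inside the attachments directory, which is the kind of validation the 'id' variable lacked. The directory layout, function names and the attachments base directory are assumptions.

```python
import os
import re

# Constructed layout assumed for this example:
# <base_dir>/<parent_type>/<parent_id>/<filename>
# Each component must start with an alphanumeric character and may then
# contain only alphanumerics, '.', '_' and '-'. This excludes '/', '\',
# '..', a leading '.', and empty strings, so no component can be a path.
SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def _check_component(name, value):
    """Raise ValueError if a caller-controlled path component is unsafe."""
    if not isinstance(value, str) or not value:
        raise ValueError("%s is empty" % name)
    if not SAFE_COMPONENT.match(value):
        raise ValueError("%s contains disallowed characters: %r" % (name, value))
    return value


def safe_attachment_path(base_dir, parent_type, parent_id, filename):
    """Return the on-disk path for an attachment, or raise ValueError if any
    component could escape base_dir."""
    for name, value in (("parent_type", parent_type),
                        ("parent_id", parent_id),
                        ("filename", filename)):
        _check_component(name, value)
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, parent_type, parent_id, filename))
    # Second layer: even after the whitelist, verify containment of the
    # resolved path so a future relaxation of the pattern cannot reopen the hole.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("resolved path escapes the attachments directory")
    return path


def is_safe_request(base_dir, parent_type, parent_id, filename):
    """Boolean form of safe_attachment_path for callers that log and reject."""
    try:
        safe_attachment_path(base_dir, parent_type, parent_id, filename)
        return True
    except ValueError:
        return False
```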

References:

Vendor URL: http://www.edgewall.com/
Vendor Specific News/Changelog Entry: http://projects.edgewall.com/trac/wiki/ChangeLog
Vendor Specific Advisory URL
Security Tracker: 1014243
Secunia Advisory ID: 15752
Secunia Advisory ID: 15973
Other Advisory URL: http://www.hardened-php.net/advisory-012005.php
Other Advisory URL: http://www.debian.org/security/2005/dsa-739
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0232.html
CVE-2005-2007
CVE-2005-2147
Bugtraq ID: 13990