Bugzilla syncshadowdb Symlink Arbitrary File Overwrite

2005-12-26T06:03:19
ID OSVDB:22061
Type osvdb
Reporter OSVDB
Modified 2005-12-26T06:03:19

Description

Solution Description

Upgrade to version 2.16.11, 2.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=305353 Vendor Specific Advisory URL Security Tracker: 1015411 Secunia Advisory ID:18218 Secunia Advisory ID:22826 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0309.html CVE-2005-4534