PEAR LiveUser LiveUser.php Cookie Data Traversal Arbitrary File Deletion

2006-02-21T22:10:40
ID OSVDB:23496
Type osvdb
Reporter James Bercegay(security@gulftech.org)
Modified 2006-02-21T22:10:40

Description

Solution Description

Upgrade to version 0.16.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://pear.php.net/package/LiveUser/ Vendor Specific News/Changelog Entry: http://pear.php.net/package/LiveUser/download/0.16.9 Security Tracker: 1015659 Related OSVDB ID: 23495 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00103-02212006 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0386.html FrSIRT Advisory: ADV-2006-0697 CVE-2006-0869 Bugtraq ID: 16761