Anthill Arbitrary Attachment Execution

2003-11-24T08:49:14
ID OSVDB:2859
Type osvdb
Reporter OSVDB
Modified 2003-11-24T08:49:14

Description

Vulnerability Description

Anthill 0.2.5 contains a flaw that may allow a malicious user to execute arbitrary code on a remote system. The issue is triggered when an attacker includes an attachment and then calls it directly. It is possible that the flaw may allow execution of malicious code resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 0.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID: 10281
Generic Informational URL: http://anthill.vmlinuz.ca/index.php