DansGuardian File Name Extension Filter Bypass

2002-02-10T00:00:00
ID OSVDB:5954
Type osvdb
Reporter OSVDB
Modified 2002-02-10T00:00:00

Description

Vulnerability Description

DansGuardian contains a flaw that may allow a local user to download files that are intended to be blocked. The issue is due to the filter not properly recognizing certain file extensions and allowing them through.

Solution Description

Upgrade to version 2.2.5, 2.3.1-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

DansGuardian contains a flaw that may allow a local user to download files that are intended to be blocked. The issue is due to the filter not properly recognizing certain file extensions and allowing them through.

References:

Vendor URL: http://dansguardian.org/ Vendor Specific Advisory URL Security Tracker: 1003553