Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542
secunia.com/advisories/41878
secunia.com/advisories/42149
secunia.com/advisories/42184
secunia.com/advisories/43427
www.debian.org/security/2011/dsa-2172
www.openwall.com/lists/oss-security/2010/09/29/6
www.openwall.com/lists/oss-security/2010/10/01/2
www.openwall.com/lists/oss-security/2010/10/01/5
www.securityfocus.com/bid/43585
www.vupen.com/english/advisories/2010/2705
www.vupen.com/english/advisories/2010/2909
www.vupen.com/english/advisories/2011/0456
developer.jasig.org/source/changelog/jasigsvn?cs=21538
forge.indepnet.net/projects/glpi/repository/revisions/12601
issues.jasig.org/browse/PHPCAS-80
lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html