GeoIP vulnerability

2007-01-24T00:00:00
ID USN-412-1
Type ubuntu
Reporter Ubuntu
Modified 2007-01-24T00:00:00

Description

Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing as a server, could write to arbitrary files with user privileges.