blob: b58232f035433fa660de55cee20860fd6c59d4d9 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200506-21">
<title>Trac: File upload vulnerability</title>
Trac may allow remote attackers to upload files, possibly leading to the
execution of arbitrary code.
<product type="ebuild">trac</product>
<announced>June 22, 2005</announced>
<revised>June 22, 2005: 01</revised>
<package name="www-apps/trac" auto="yes" arch="*">
<unaffected range="ge">0.8.4</unaffected>
<vulnerable range="lt">0.8.4</vulnerable>
Trac is a minimalistic web-based project management, wiki and bug
tracking system including a Subversion interface.
Stefan Esser of the Hardened-PHP project discovered that Trac
fails to validate the "id" parameter when uploading attachments to the
wiki or the bug tracking system.
<impact type="normal">
A remote attacker could exploit the vulnerability to upload
arbitrary files to a directory where the webserver has write access to,
possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All Trac users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/trac-0.8.4&quot;</code>
<uri link="">Hardened PHP Advisory 012005</uri>
<metadata tag="requester" timestamp="Tue, 21 Jun 2005 20:04:48 +0000">
<metadata tag="submitter" timestamp="Wed, 22 Jun 2005 01:36:58 +0000">
<metadata tag="bugReady" timestamp="Wed, 22 Jun 2005 08:15:34 +0000">