[Python-apps-team] Bug#500781: CVE-2008-4297: privilege escalation
Nico Golde
nion at debian.org
Fri Oct 3 13:04:28 UTC 2008
Hi Steffen,
* Steffen Joeris <steffen.joeris at skolelinux.de> [2008-10-01 15:59]:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mercurial.
>
> CVE-2008-4297[0]:
> | Mercurial before 1.0.2 does not enforce the allowpull permission
> | setting for a pull operation from hgweb, which allows remote attackers
> | to read arbitrary files from a repository via an "hg pull" request.
>
> I am not sure about the severity of this issue; could you please investigate it?
I'd say grave would be appropriate as the repository could
contain sensitive information that should not be pulled. The
only thing with that is that hgweb itself is not shipped
within the Debian package but I guess a lot of people are
using the source package to extract the cgi script anyway.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
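For readers triaging this bug, the following is an added illustration and not code from Mercurial, Debian, or anyone in this thread. It models the class of defect the CVE text describes: hgweb reads the [web] allowpull setting, but the wire-protocol commands that actually hand repository data to an "hg pull" client never consult it, so the knob gates nothing. The hgrc fragment, the ToyHgweb class, its command names and the stand-in repository bytes are all constructed for the example; the only thing taken from the page is that allowpull defaults to permitting pulls and that the pull path has to check it.

```python
"""Model of an hgweb front end that reads, but does not enforce, allowpull.

Constructed illustration for CVE-2008-4297, not Mercurial's own code.
All names below (ToyHgweb, the handlers, HGRC, REPO_DATA) are assumptions
made for the example.
"""
from configparser import ConfigParser

# Constructed hgrc fragment: the administrator has turned pulling off.
HGRC = """
[web]
allowpull = false
description = internal repository, browse only
"""

# Constructed stand-in for the data a pull would ship to the client.
REPO_DATA = {"changegroup": b"<changegroup bundle bytes>"}


class Forbidden(Exception):
    """Raised when a command is refused by the allowpull policy."""


class ToyHgweb:
    """Dispatches wire-protocol commands the way a CGI front end would.

    enforce_on_pull=False reproduces the defect: allowpull is parsed but
    the pull commands ignore it.  enforce_on_pull=True is the fixed shape.
    """

    def __init__(self, hgrc_text: str, enforce_on_pull: bool):
        cfg = ConfigParser()
        cfg.read_string(hgrc_text)
        # A missing allowpull means pulls are permitted; mirror that default.
        self.allowpull = cfg.getboolean("web", "allowpull", fallback=True)
        self.enforce_on_pull = enforce_on_pull
        self.handlers = {
            "heads": self.heads,
            "changegroup": self.changegroup,
            "changegroupsubset": self.changegroupsubset,
        }

    def dispatch(self, cmd: str) -> bytes:
        try:
            handler = self.handlers[cmd]
        except KeyError:
            raise ValueError("unknown command %r" % cmd)
        return handler()

    def require_pull(self) -> None:
        if not self.allowpull:
            raise Forbidden("pull operations are disabled by [web] allowpull")

    def heads(self) -> bytes:
        # Discovery only: returns head hashes, never file contents, so it is
        # reasonable for it to stay available when browsing is allowed.
        return b"0000000000000000000000000000000000000000\n"

    def changegroup(self) -> bytes:
        # The pull path.  In the defective shape nothing here looks at allowpull.
        if self.enforce_on_pull:
            self.require_pull()
        return REPO_DATA["changegroup"]

    def changegroupsubset(self) -> bytes:
        # Same story for the partial-pull variant: both entry points need the gate.
        if self.enforce_on_pull:
            self.require_pull()
        return REPO_DATA["changegroup"]


def pull_succeeds(server: ToyHgweb, cmd: str = "changegroup") -> bool:
    """True if a client issuing a pull command gets repository data back."""
    try:
        return server.dispatch(cmd) == REPO_DATA["changegroup"]
    except Forbidden:
        return False


def audit(server: ToyHgweb) -> list:
    """Return the data-shipping commands that ignore allowpull=false.

    Empty for a correctly gated instance; anything listed is a read path
    that bypasses the administrator's setting.
    """
    leaks = []
    if not server.allowpull:
        for cmd in ("changegroup", "changegroupsubset"):
            if pull_succeeds(server, cmd):
                leaks.append(cmd)
    return leaks


if __name__ == "__main__":
    vulnerable = ToyHgweb(HGRC, enforce_on_pull=False)
    fixed = ToyHgweb(HGRC, enforce_on_pull=True)
    print("defective model leaks via:", audit(vulnerable))
    print("fixed model leaks via:", audit(fixed))
```

The point for a site operator is the audit() shape rather than the toy handlers: when a permission knob exists, test every command that returns data with the knob set to deny, not just the one the documentation mentions. A check like that would have shown that "hg pull" still returned a changegroup with allowpull = false.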