[Secure-testing-team] Bug#562634: CVE-2009-4412: Unrestricted file upload vulnerability
Giuseppe Iuculano
iuculano at debian.org
Sat Dec 26 17:36:08 UTC 2009
Package: serendipity
Severity: serious
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for serendipity.

CVE-2009-4412[0]:
| Unrestricted file upload vulnerability in Serendipity before 1.5
| allows remote authenticated users to execute arbitrary code by
| uploading a file with an executable extension followed by a safe
| extension, then accessing it via a direct request to the file in an
| unspecified directory. NOTE: some of these details are obtained from
| third party information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4412
    http://security-tracker.debian.org/tracker/CVE-2009-4412
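
An added example, not part of the original report and not Serendipity's code: an upload check that inspects only the final extension, next to one that inspects every dot-separated segment, for the "executable extension followed by a safe extension" pattern the CVE describes. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import os
import re

# Assumption: extensions a web server might map to an interpreter. Not taken
# from the advisory; align this with the handlers configured on your server.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "pl", "py", "cgi", "asp", "jsp", "sh"}
# Assumption: the file types the application intends to accept.
SAFE_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def last_extension_check(filename):
    """Flawed check: only the final extension is inspected."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in SAFE_EXTS


def strict_upload_check(filename):
    """Return (accepted, reason), inspecting every dot-separated segment."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name:
        return False, "path separator or NUL byte in name"
    name = name.rstrip(". ")  # some filesystems drop trailing dots and spaces
    stem, *exts = name.lower().split(".")
    if not stem or not exts:
        return False, "missing base name or extension"
    if exts[-1] not in SAFE_EXTS:
        return False, "final extension not on allowlist"
    # Some server configurations pick a handler from an inner extension,
    # so an executable segment anywhere in the name is refused.
    for seg in exts[:-1]:
        if seg in EXECUTABLE_EXTS:
            return False, f"executable extension '.{seg}' inside name"
    return True, "ok"


def stored_name(filename):
    """Collapse inner dots so the stored file has exactly one extension."""
    stem, ext = filename.rsplit(".", 1)
    return re.sub(r"[^A-Za-z0-9_-]", "_", stem) + "." + ext.lower()


# Constructed sample names, not taken from any real incident.
SAMPLES = ["holiday.jpg", "shell.php.jpg", "report.v2.pdf", "notes.php"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, last_extension_check(s), strict_upload_check(s))
```

Renaming on storage with `stored_name` is a second layer: it removes inner extensions even when the denylist is incomplete.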