Gentoo: GLSA-200408-09: Roundup filesystem access vulnerability

    Date: 11 Aug 2004
    Category: Gentoo
    Posted By: LinuxSecurity Advisories
    Roundup will make files owned by the user that it's running as accessible to a remote attacker.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200408-09
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: Low
         Title: Roundup filesystem access vulnerability
          Date: August 11, 2004
          Bugs: #53494
            ID: 200408-09
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Roundup will make files owned by the user that it's running as
    accessible to a remote attacker.
    
    Background
    ==========
    
    Roundup is a simple-to-use issue-tracking system with command-line,
    web, and e-mail interfaces.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package          /  Vulnerable  /                      Unaffected
        -------------------------------------------------------------------
      1  net-www/roundup      <= 0.6.4                            >= 0.7.6
    
    Description
    ===========
    
    Improper handling of a specially crafted URL allows access to the
    server's filesystem, which could contain sensitive information.
    
    Impact
    ======
    
    An attacker could view files owned by the user running Roundup. This
    will never be root, however, as Roundup will not run as root.
    
    Workaround
    ==========
    
    There is no known workaround at this time. All users are encouraged to
    upgrade to the latest available version of Roundup.
    
    Resolution
    ==========
    
    All Roundup users should upgrade to the latest version:
    
        # emerge sync
    
        # emerge -pv ">=net-www/roundup-0.7.6"
        # emerge ">=net-www/roundup-0.7.6"
    
    References
    ==========
    
      [ 1 ] Secunia Advisory SA11801
            http://secunia.com/advisories/11801/
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
        http://security.gentoo.org/glsa/glsa-200408-09.xml
    
    Concerns?
    =========
    
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    [email address obscured] or alternatively, you may file a bug at
    http://bugs.gentoo.org.
    
    License
    =======
    
    Copyright 2004 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    
    http://creativecommons.org/licenses/by-sa/1.0
    