Stay Secure with the Latest Linux Advisories

security advisorygentoodirectory traversal

Gentoo: GLSA-202303-05 Normal: Flask Security Vulnerability Alert

CherryPy is vulnerable to a directory traversal that could allow attackers to read and write arbitrary files.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200801-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CherryPy: Directory traversal vulnerability Date: January 27, 2008 Bugs: #204829 ID: 200801-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= CherryPy is vulnerable to a directory traversal that could allow attackers to read and write arbitrary files. Background ========= CherryPy is a Python-based, object-oriented web development framework. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-python/cherrypy < 3.0.2-r1 *> = 2.2.1-r2 > = 3.0.2-r1 Description ========== CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path() function before using it as part of the file name. Impact ===== A remote attacker could exploit this vulnerability to read and possibly write arbitrary files on the web server, or to hijack valid sessions, by providing a specially crafted session id. This only affects applications using file-based sessions. Workaround ========= Disable the "FileSession" functionality by using "PostgresqlSession" or "RamSession" session management in your CherryPy application. Resolution ========= All CherryPy 2.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot--verbose "> =dev-python/cherrypy-2.2.1-r2" All CherryPy 3.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-python/cherrypy-3.0.2-r1" References ========= [ 1 ] CVE-2008-0252 https://www.cve.org/CVERecord?id=CVE-2008-0252 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200801-11 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . In January 2008, Gentoo issued GLSA-200801-11 regarding a serious vulnerability in CherryPy, allowing unauthorized file access due to inadequate input validation. Gentoo, CherryPy, Directory Traversal, Security Advisory, File Access. . LinuxSecurity.com Team

Jan 27, 2008 Gentoo