2005-12-06 05:00 bigmichi1 Michael Cramer (bigmichi1 at users.sf.net) * index.php: security fix Plus the usual month is up. web-apps please advice.
stable on ppc64
ppc stable
stable on x86
Stable on amd64.
Stable on hppa.
SPARC Stable
alpha done. Security this is ready for you.
Thanks you guys, we don't know anything about the vulnerability, and futhermore this is really old. I suggest closing without glsa. Fell free to reopen if you have elements justifying a call to a vote.
(In reply to comment #8) > Thanks you guys, > > we don't know anything about the vulnerability, some news : SA 20939 Description: Micheal Turner has discovered a weakness in phpSysInfo, which can be exploited by malicious people to detect files on the server. The weakness is caused by an error message returning information about whether or not a file exists. This can be exploited by providing a filename with a directory traversal character sequence to the "lng" parameter in index.php. The weakness has been confirmed in version 2.5.1. Other versions may also be affected. Solution: Filter malicious characters or character sequences with a web proxy. Edit the source code to ensure that input is properly sanitised. Provided and/or discovered by: Micheal Turner