Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. Reproducible: Didn't try http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:004 http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch
Thansk for the report, please Cc directly the maintainer. Patch: http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch
Committed to CVS, ready for stable
Hi arches, please test and mark stable: dev-libs/geoip-1.4.0-r1
Stable on SPARC.
Alpha stable.
Stable for HPPA.
x86 stable
ppc64 stable
ppc stable
Stable on IA64.
amd64 stable
voting time...
I vote yes, just running the server seems to make a whole system vulnerable.
I tend to vote NO.
no and closing, feel free to reopen if you disagree