300219 – (CVE-2009-4427) net-nds/phpldapadmin directory traversal (CVE-2009-4427)

Bug 300219 (CVE-2009-4427) - net-nds/phpldapadmin directory traversal (CVE-2009-4427)

Summary: net-nds/phpldapadmin directory traversal (CVE-2009-4427)

Status:	RESOLVED INVALID

Alias:	CVE-2009-4427

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~2? [upstream/ebuild?]
Keywords:

Depends on:
Blocks:

Reported:	2010-01-08 20:36 UTC by Stefan Behte (RETIRED)
Modified:	2010-01-09 13:51 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-01-08 20:36:36 UTC

CVE-2009-4427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4427):
  Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5
  allows remote attackers to include and execute arbitrary local files
  via a .. (dot dot) in the cmd parameter.

Comment 1 Víctor Ostorga (RETIRED) gentoo-dev

2010-01-09 12:41:51 UTC

(In reply to comment #0)
> CVE-2009-4427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4427):
>   Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5
>   allows remote attackers to include and execute arbitrary local files
>   via a .. (dot dot) in the cmd parameter.
> 
The only version available in portage is phpldapadmin-1.2.0.4 , which does not suffer from this vulnerability

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2010-01-09 13:51:17 UTC

Indeed.