Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 194724

Summary: www-apps/xoops Uploader Class Unspecified Vulnerability (CVE-2007-5188)
Product: Gentoo Security Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/27006
Whiteboard: B4 [ebuild]
Package list:
Runtime testing required: ---

Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 18:49:36 UTC 
CVE-2007-5188 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5188):
  Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1
  and earlier allows remote attackers to upload arbitrary files via unspecified
  vectors related to improper upload configuration settings in
  class/uploader.php and class/mimetypes.inc.php, possibly an incomplete
  blacklist that omits the .php4 extension.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 18:58:41 UTC 
Solution: Apply the patch. (http://downloads.sourceforge.net/xoops/xoops-uploader-patch-071001.tar.gz)
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-06 13:23:31 UTC 
xoops is p.masked, no need to bother with that.