Bug 245622 (CVE-2008-4920)

Summary: dev-php5/agavi<=1.0.0-beta5 Directory traversal (CVE-2008-4920)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: php-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4920
Whiteboard: B4 [upstream]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-05 08:26:04 UTC
CVE-2008-4920 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4920):
  Directory traversal vulnerability in Agavi 1.0.0 beta 5 and earlier
  allows remote attackers to read arbitrary files via a .. (dot dot) in
  the cmplang parameter.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-01-13 18:10:58 UTC
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was based on an incorrect claim regarding a directory issue in Agavi. The vendor has disputed the issue and the original researcher has retracted the original claim, so this is not a vulnerability. Further investigation by the vendor and original researcher show that the original issue was in a site-specific modification, which is outside the scope of CVE. Notes: CVE users should not use this identifier.