Ubuntu
python-cherrypy package

[python-cherrypy] [CVE-2008-0252] missing input sanitising, remote vulnerability

Bug #191198 reported by disabled.user on 2008-02-12

This bug report is a duplicate of: Bug #187481: [CVE-2008-0252] Directory traversal vulnerability allows modification of arbitrary files. Edit Remove

258

	Status	Importance	Assigned to
python-cherrypy (Ubuntu)	Fix Released	Undecided	Unassigned
Dapper	Confirmed	Undecided	Unassigned
Edgy	Confirmed	Undecided	Unassigned
Feisty	Confirmed	Undecided	Unassigned
Gutsy	Confirmed	Undecided	Unassigned
Hardy	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: python-cherrypy

References:
DSA-1481-1 (http://www.debian.org/security/2008/dsa-1481)

Quoting:
"It was discovered that a directory traversal vulnerability in CherryPy,
a pythonic, object-oriented web development framework may lead to denial
of service by deleting files through malicious session IDs in cookies."

CVE References

2008-0252

Scott Kitterman (kitterman) on 2008-02-12

Changed in python-cherrypy:
status:	New → Confirmed
status:	New → Confirmed
status:	New → Confirmed
status:	New → Confirmed
status:	New → Fix Released

Revision history for this message

Lars Friedrichs (l-friedrichs) wrote on 2008-02-12:

Feisty Patch Edit (3.3 KiB, text/plain)

Hi,

I tried to backport the patch to feisty. I hope everything is correct as this is my first security fix.
Please let me know if things are allright.

Bye
Lars

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-03-04:

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 187481, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.