Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-3195

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

Related bugs and status

CVE-2008-3195 (Candidate) is related to these bugs:

Bug #301535: Please Merge twiki(4.1.2-5) from Debian unstable

Summary				In	Importance	Status
	301535	Please Merge twiki(4.1.2-5) from Debian unstable		twiki (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://twiki.org/cgi-b...
CONFIRM: http://www.kb.cert.org...
CONFIRM: http://twiki.org/cgi-b...
CERT-VN: VU#362012
SECUNIA: 31849
SECUNIA: 31964
SREASON: 4265
VUPEN: ADV-2008-2586
XF: twiki-configure-image-...
XF: twiki-configure-direct...
EXPLOIT-DB: 6269