Candidate: CVE-2009-2265
PublicDate: 2009-07-05 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265
Description:
 Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1
 allow remote attackers to create executable files in arbitrary directories
 via directory traversal sequences in the input to unspecified connector
 modules, as exploited in the wild for remote code execution in July 2009,
 related to the file browser and the editor/filemanager/connectors/
 directory.
Ubuntu-Description:
Notes:
 jdstrand> affected code in moin occurs first in 1.8.0. The first release
  of Ubuntu to contain the affected code is 9.04, but by that time it
  uses the system fsckeditor, which is a Suggests and not installed by
  default
Bugs:
Priority: low
Discovered-by:
Assigned-to: 
CVSS: 

Patches_moin:
upstream_moin: needs-triage
dapper_moin: not-affected (code not present)
hardy_moin: not-affected (code not present)
intrepid_moin: not-affected (code not present)
jaunty_moin: not-affected (system fckeditor)
karmic_moin: not-affected (system fckeditor)
lucid_moin: not-affected (system fckeditor)
maverick_moin: not-affected (system fckeditor)
natty_moin: not-affected (system fckeditor)
oneiric_moin: not-affected (system fckeditor)
devel_moin: not-affected (system fckeditor)

Patches_fckeditor:
upstream_fckeditor: released (2.6.4.1)
dapper_fckeditor: DNE
hardy_fckeditor: ignored (reached end-of-life)
intrepid_fckeditor: released (1:2.6.2-1lenny1build0.8.10.1)
jaunty_fckeditor: ignored (reached end-of-life)
karmic_fckeditor: not-affected (1:2.6.4.1-1)
lucid_fckeditor: not-affected
maverick_fckeditor: not-affected
natty_fckeditor: not-affected
oneiric_fckeditor: not-affected
devel_fckeditor: not-affected