CVE-2009-4427
Published: 28 December 2009
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
Notes
Author | Note |
---|---|
jdstrand | according to upstream, this affects 1.1.0.7 and lower |
Priority
Status
Package | Release | Status |
---|---|---|
phpldapadmin (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
 | hardy | Ignored (end of life) |
 | intrepid | Ignored (end of life, was needed) |
 | jaunty | Released (1.1.0.5-6ubuntu3.1) |
 | karmic | Ignored (end of life) |
 | lucid | Not vulnerable (1.1.0.7-1.2ubuntu2) |
 | maverick | Not vulnerable (1.2.0.5-1ubuntu1) |
 | natty | Not vulnerable (1.2.0.5-1ubuntu1) |
 | oneiric | Not vulnerable (1.2.0.5-1ubuntu1) |
 | upstream | Released (1.1.0.7-1.2) |

Patches:
vendor: http://www.debian.org/security/2010/dsa-1965
debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/phpldapadmin/+bug/511189