PT-2002-2771 · Modlogan · Modlogan

Publicado

2002-12-31

Atualizado

2008-09-05

CVE-2002-2050

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ModLogAn versions 0.5.0 through 0.7.11

Description A directory traversal issue exists in the processor web plugin for ModLogAn when used with the splitby option, allowing local users to overwrite arbitrary files by including a .. (dot dot) in the hostname of a log entry.

Recommendations For ModLogAn versions 0.5.0 through 0.7.11, consider disabling the splitby option in the processor web plugin as a temporary workaround until a patch is available. Restrict access to the processor web plugin to minimize the risk of exploitation. Avoid using the splitby option with untrusted log entries until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-2050

Produtos afetados

Modlogan

PT-2002-2771 · Modlogan · Modlogan

CVE-2002-2050

Identificadores relacionados

Produtos afetados

Referências · 5