Bugtraq mailing list archives
[ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability
From: Robert Buchholz <rbu () gentoo org>
Date: Sun, 27 Jan 2008 17:25:24 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200801-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CherryPy: Directory traversal vulnerability Date: January 27, 2008 Bugs: #204829 ID: 200801-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== CherryPy is vulnerable to a directory traversal that could allow attackers to read and write arbitrary files. Background ========== CherryPy is a Python-based, object-oriented web development framework. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-python/cherrypy < 3.0.2-r1 *>= 2.2.1-r2 >= 3.0.2-r1 Description =========== CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path() function before using it as part of the file name. Impact ====== A remote attacker could exploit this vulnerability to read and possibly write arbitrary files on the web server, or to hijack valid sessions, by providing a specially crafted session id. This only affects applications using file-based sessions. Workaround ========== Disable the "FileSession" functionality by using "PostgresqlSession" or "RamSession" session management in your CherryPy application. Resolution ========== All CherryPy 2.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.2.1-r2" All CherryPy 3.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-3.0.2-r1" References ========== [ 1 ] CVE-2008-0252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0252 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200801-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability Robert Buchholz (Jan 28)