oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE id request: syscp

From: Josh Bressers <bressers () redhat com>
Date: Wed, 30 Jun 2010 15:20:22 -0400 (EDT)

----- "Nico Golde" <oss-security+ml () ngolde de> wrote:


Hi,
can I get a CVE id for the following issue:
"today I received a mail about a severe security problem in 
the handling of open_basedir paths.  Customers are able to 
add whatever path they want via the documentroot of a domain 
by appending a colon to it and setting the open basedir path 
to use that domain documentroot, not the customer root."

http://www.syscp-forum.org/index.php?topic=4981.0
http://bugs.debian.org/587481



Please use CVE-2010-2476

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: