oss-sec mailing list archives
Re: CVE request: archmage directory traversal
From: cve-assign () mitre org
Date: Thu, 12 Feb 2015 15:47:35 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
please assign a CVE ID for this directory traversal in archmage: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776164 archmage is vulnerable to directory traversal via "../" sequences. As a proof of concept, unpacking the attached CHM file creates a file in /tmp
Use CVE-2015-1589. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU3REQAAoJEKllVAevmvms3b4IALKbsUUNpNbS+B/wKOTln6Wn 777lAP5WnFym0Tv86hp8zOE8AAEhmhWUmkMfIakZ6fC+V8WF2oAiHc3tQks7JKt6 AwyfmcyGJlBNc/ZOpRpeGZ9MfL/igNXf/pEYrt8BF1TroznfW30ZLP4J5CvYod7Z dhmM0y6LhSAIJkYPlowCC4n7m3DIbmlexuoOhVdG0k89R6TzEXaMEKZvdvchyta2 3S1EMviuGKGTx64ZcIgjLXRys++qtFmfiu4sv+ywOJ1zWLgv0K+pU/f39lOEryyY pObrvjbyEnwX8/vDIgjPp062VIeVIgEynfugmu28c9UME/gBMVn8+Y1xJtpRQos= =wCNl -----END PGP SIGNATURE-----
Current thread:
- CVE request: archmage directory traversal Moritz Muehlenhoff (Feb 12)
- Re: CVE request: archmage directory traversal cve-assign (Feb 12)