Date: Fri, 25 Mar 2016 15:55:44 +0600 From: Maxim Solodovnik <solomax@...che.org> To: Openmeetings user-list <user@...nmeetings.apache.org>, dev <dev@...nmeetings.apache.org>, security@...nmeetings.apache.org, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [CVE-2016-0784] ZIP file path traversal Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path traversal via specially crafted file names within ZIP archives. By uploading an archive containing a file named ../../../public/hello.txt will write the file “hello.txt” to the http://domain:5080/openmeetings/public/ directory. This could be used to, for example, overwrite the /usr/bin/convert file (or any other 3 rd party integrated executable) with a shell script, which would be executed the next time an image file is uploaded and imagemagick is invoked. All users are recommended to upgrade to Apache OpenMeetings 3.1.1 Credit: This issue was identified by Andreas Lindh Apache OpenMeetings Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.