[VIM] Vendor ACK for W-Agora directory traversal

Steven M. Christey coley at mitre.org
Mon Aug 22 14:42:03 EDT 2005


Reference: CAN-2005-2648

An e-mail inquiry to the vendor resulted in an acknowledgement.  See
below.

- Steve

======================================================

>Thank you for your email.
>Yes, I've been recently informed of this vulnerability.
>After several tests on various platforms and PHP versions, it seems
>that this
>vulnerability can only be successfully exploited on windows systems
>and only if
>magic_quote_gpc is set to off. I couldn't reproduce the problem on
>unix
>systems.
>
>The fix consists in replacing line #132 in init.inc and line #25 in
>index.php :
>$site = empty($site) ? 'agora' : $site;
>with:
>$site = empty($site) ? 'agora' : trim(basename($site));
>
>I will release a patch and a new release in the next few days.
>
>Best regards,
>Marc Druilhe
>w-agora editor


======================================================
Candidate: CAN-2005-2648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2648
Reference: BUGTRAQ:20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/408522
Reference: FULLDISC:20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0599.html
Reference: MISC:http://h4cky0u.org/viewtopic.php?t=2097
Reference: BID:14597
Reference: URL:http://www.securityfocus.com/bid/14597
Reference: SECUNIA:16497
Reference: URL:http://secunia.com/advisories/16497

Directory traversal vulnerability in index.php in W-Agora 4.2.0 and
earlier allows remote attackers to read arbitrary files via the site
parameter.




More information about the VIM mailing list