[VIM] Webmin traversal - changelog

Heinbockel, Bill heinbockel at mitre.org
Tue Jul 11 09:37:11 EDT 2006

>-----Original Message-----
>From: vim-bounces at attrition.org 
>[mailto:vim-bounces at attrition.org] On Behalf Of George A. Theall
>Sent: Friday, 30 June 2006 16:57
>To: Vulnerability Information Managers
>Subject: Re: [VIM] Webmin traversal - changelog
>security curmudgeon wrote:
>> Multiple guess!
>> a) Not properly fixed the first time
>> b) Originally thought to be Windows only, then discovered works on Unix
>> c) Completely separate issues/scripts
>The issue with 1.270 involves a failure to sanitize '\' characters in
>simplify_path(), while that in 1.280 occurs because simplify_path() is
>called before HTML entities are decoded. Sample exploit available on
>theall at tenablesecurity.com

Is this (CVE-2006-3392) related to the recent posting on Bugtraq?

And the following references provided therein:

which lists a directory traversal URL similar to that below:
(the "/..%01" sequence is repeated 61 times).

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
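
The two failure modes named in the quoted message (a path normalizer that ignores '\', and normalization that runs before decoding) can be shown side by side with a corrected ordering. This is an added example, not part of the original post and not Webmin's code; it is written in Python rather than Webmin's Perl. Assumptions: `simplify_path` here is a simplified stand-in, `html.unescape` models the late decoding step, and `DOCROOT` and all request paths are constructed.

```python
import html
import posixpath

DOCROOT = "/srv/app/htdocs"  # constructed document root, not a Webmin path

def simplify_path(path):
    """Stand-in normalizer (not Webmin's): resolve '.' and '..' segments.
    Returns None when the path tries to climb above the root."""
    out = []
    for seg in path.split("/"):  # only '/' is a separator; '\' is ignored
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                return None
            out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)

def resolve_unsafe(request_path):
    """Flawed order: normalize first, decode afterwards."""
    simplified = simplify_path(request_path)
    if simplified is None:
        return None
    decoded = html.unescape(simplified)  # '..' reappears after the check ran
    return posixpath.normpath(DOCROOT + decoded)  # models the OS resolving '..'

def resolve_safe(request_path):
    """Hardened order: decode, fold '\\' to '/', normalize, check containment."""
    decoded = html.unescape(request_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    simplified = simplify_path(decoded)
    if simplified is None:
        return None
    full = posixpath.normpath(DOCROOT + simplified)
    # Final containment check on the exact path that will be opened.
    if full != DOCROOT and not full.startswith(DOCROOT + "/"):
        return None
    return full

# Constructed inputs: entity-encoded dots and backslash separators.
ENCODED = "/images/&#46;&#46;/&#46;&#46;/&#46;&#46;/outside.txt"
BACKSLASH = "/images\\..\\..\\outside.txt"
```

The containment check at the end of `resolve_safe` is what keeps a future change to the decoding step from silently reopening the hole, because it validates the exact string that reaches the filesystem.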
