Full Disclosure mailing list archives
[PLSA 2008-62] Smarty: Security Bypass
From: Pınar Yanardağ <pinar () pardus org tr>
Date: Wed, 05 Nov 2008 08:45:31 +0200
------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-62 security () pardus org tr ------------------------------------------------------------------------ Date: 2008-11-05 Severity: 1 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been reported in Smarty, which can be exploited by malicious people to bypass certain security restrictions. Description =========== The vulnerability is caused due to an error when processing data with embedded variables. This can be exploited to potentially execute arbitrary PHP code. Affected packages: Pardus 2008: Smarty, all before 2.6.20-6-3 Resolution ========== There are update(s) for Smarty. You can update them via Package Manager or with a single command from console: pisi up Smarty References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8567 * http://code.google.com/p/smarty-php/source/diff?spec=svn2797&r=2797&format=side&path=/trunk/libs/Smarty_Compiler.class.php * http://smarty-php.googlecode.com/svn/trunk/NEWS ------------------------------------------------------------------------ -- Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [PLSA 2008-62] Smarty: Security Bypass Pınar Yanardağ (Nov 04)