oss-sec mailing list archives
CVE-2011-2524: libsoup's SoupServer directory traversal flaw
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 28 Jul 2011 12:31:28 -0600
Hello everyone. Just a heads up to advise about a directory traversal flaw in libsoup's SoupServer. This flaw could allow any service linked to libsoup and using SoupServer to have a remote user traverse the local file system and expose unintended files. References: https://bugzilla.redhat.com/show_bug.cgi?id=720509 https://bugzilla.gnome.org/show_bug.cgi?id=653258 http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea http://git.gnome.org/browse/libsoup/commit/?h=gnome-3-0&id=51eb8798c3965b49f3010db82009d36429f28514 --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE-2011-2524: libsoup's SoupServer directory traversal flaw Vincent Danen (Jul 28)