CVE-2009-0841 Information
Description
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 when running on Windows with Cygwin allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
Reference
http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html http://secunia.com/advisories/34520 http://secunia.com/advisories/34603 http://trac.osgeo.org/mapserver/ticket/2942 http://www.debian.org/security/2009/dsa-1914 http://www.positronsecurity.com/advisories/2009-000.html http://www.securityfocus.com/archive/1/502271/100/0/threaded http://www.securityfocus.com/bid/34306 http://www.securitytracker.com/id?1021952 https://exchange.xforce.ibmcloud.com/vulnerabilities/49548 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
Share on: