2 Feb 2012 22:24
security alert: directory traversal when using * in Location
Michiel Boland <michiel <at> boland.org>
2012-02-02 21:24:02 GMT
2012-02-02 21:24:02 GMT
Hi. I just released a security update for mathopd. (mathopd 1.5p7)
The problem:
If you use the * construct in your config, as in
Control {
Alias /
Location /var/www/*
}
then the * will be substituted with the value of the Host header that was
supplied by the client. However this occurs after path translation, and without
input verification could lead to directory traversal, exposing files outside of
/var/www.
If you are still using Mathopd, and use the * feature, you should upgrade as
soon as possible.
If you do not use the * feature, than you are not at risk. But you may still
want to upgrade.
Vulnerable versions of the software: all 1.4 versions, and all 1.5 versions
prior to 1.5p7
Thanks to Mateusz Goik for pointing this out.
Cheers
Michiel
(Continue reading)
RSS Feed