~wgrant/ubuntu-cve-tracker/main

« back to all changes in this revision

Viewing changes to retired/CVE-2007-0159

• browse files at revision 1367
• compare with another revision
• download diff
• download tarball
• view history from revision 1367

Show diffs side-by-side

added

removed

retired/CVE-2007-0159

 

1

PublicDate: 2007-01-09

1

2

Candidate: CVE-2007-0159

2

3

References:

3

4

 http://www.ubuntu.com/usn/usn-412-1

4

5

Description:

 

6

 Directory traversal vulnerability in the GeoIP_update_database_general

 

7

 function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious

 

8

 update servers (possibly only update.maxmind.com) to overwrite arbitrary

 

9

 files via a .. (dot dot) in the database filename, which is returned by a

 

10

 request to app/update_getfilename.

5

11

Ubuntu-Description:

6

12

Notes:

7

13

Bugs:

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1