Savane - News: New Savane release fixes symlink attack and privilege escalation

 
 

New Savane release fixes symlink attack and privilege escalation

Item posted by Beuc <beuc> on Wed 02 Dec 2009 10:24:18 PM UTC.

Sylvain Beucler discovered that Savane, a 100% free software hosting platform, is vulnerable to a symlink attack on ~/.ssh user directories that may allow the attacker to gain access to other user accounts.

We forwarded the patch to GForge, which was also vulnerable; there the issue was identified as CVE-2009-3304 (assigned by Debian) and disclosed today.

We recommend that you upgrade your Savane installation to the new version, 3.0+3.
The new version contains only this fix and does not otherwise change Savane's behavior.
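
A check an administrator might run alongside the upgrade, as an added example that is not Savane's code or its fix: it flags home directories whose `.ssh` or `authorized_keys` is a symbolic link, has an unexpected owner, or is group- or world-writable. The function names and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_ssh_dir(home, expected_uid):
    """Return (path, reason) findings for one home directory; [] means clean."""
    findings = []
    for rel in (".ssh", os.path.join(".ssh", "authorized_keys")):
        path = os.path.join(home, rel)
        try:
            st = os.lstat(path)  # lstat examines the link itself, not its target
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink -> " + os.readlink(path)))
            break  # nothing below a symlinked .ssh belongs to this home
        if st.st_uid != expected_uid:
            findings.append((path, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group- or world-writable"))
    return findings

def audit_homes(homes):
    """homes: iterable of (home_path, uid). Returns {home: findings} for flagged homes."""
    report = {}
    for home, uid in homes:
        found = audit_ssh_dir(home, uid)
        if found:
            report[home] = found
    return report

def build_demo_tree(root):
    """Constructed sample data: one ordinary home, one whose .ssh is a symlink."""
    uid = os.getuid()
    good, odd, elsewhere = (os.path.join(root, n) for n in ("alice", "carol", "elsewhere"))
    os.makedirs(os.path.join(good, ".ssh"))
    os.chmod(os.path.join(good, ".ssh"), 0o700)
    keys = os.path.join(good, ".ssh", "authorized_keys")
    open(keys, "w").close()
    os.chmod(keys, 0o600)
    os.makedirs(odd)
    os.makedirs(elsewhere)
    os.symlink(elsewhere, os.path.join(odd, ".ssh"))
    return [(good, uid), (odd, uid)]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for home, found in audit_homes(build_demo_tree(root)).items():
            print(home, found)
```

On a real host, feed `audit_homes` the (home directory, uid) pairs from the account database and review every flagged entry before the key-management job next runs.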
