Fedora Security Update Fixes phpPgAdmin Local File Inclusion Issue


Description   A vulnerability has been identified in Fedora, which could be exploited by attackers to gain knowledge of sensitive information. This issue is caused by an error in the "index.php" script when processing the "_language" parameter, which could allow attackers to include local files with the privileges of the server.
     
Vulnerable Products   Vulnerable Software:
Fedora 8Fedora 9Fedora 10
     
Solution   Upgrade the affected package (phpPgAdmin) : http://docs.fedoraproject.org/yum/
     
CVE   CVE-2008-5587
     
References   https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01109.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01082.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01025.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2008-12-23 

 Target Type 
Server 

 Possible exploit 
Local & Remote