|
Description
|
|
A vulnerability has been identified in Debian, which could be exploited by attackers to bypass security restrictions. This issue is caused by an input validation error in Aria2 when processing the "name" attribute of the "file" element of metalink files, which could be exploited to trick users into downloading files to directories outside of the intended download directory via directory traversal attacks.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Debian GNU/Linux lennyDebian GNU/Linux sid
|
|
|
|
|
|
Solution
|
|
Debian GNU/Linux lenny - Upgrade to aria2 version 0.14.0-1+lenny2Debian GNU/Linux sid - Upgrade to aria2 version 1.9.3-1
|
|
|
|
|
|
CVE
|
|
CVE-2010-1512
|
|
|
|
|
|
References
|
|
http://lists.debian.org/debian-security-announce/2010/msg00088.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
