|
Description
|
|
A vulnerability has been identified in Debian, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by an input validation error in the administrative interface within the Mailing List Managing Made Joyful (mlmmj) when processing user-supplied data, which could be exploited by authenticated attackers to write or delete arbitrary files.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Debian GNU/Linux lennyDebian GNU/Linux sid
|
|
|
|
|
|
Solution
|
|
Debian GNU/Linux lenny - Upgrade to mlmmj version 1.2.15-1.1+lenny1Debian GNU/Linux sid - Upgrade to mlmmj version 1.2.17-1.1
|
|
|
|
|
|
CVE
|
|
CVE-2009-4896
|
|
|
|
|
|
References
|
|
http://lists.debian.org/debian-security-announce/2010/msg00118.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
