Foolscap Local File Inclusion Vulnerability Fixed by 0.7.0


Description   A vulnerability has been identified in foolscap.
A remote attacker can exploit it in order to execute a local file and potentially take control of the "flappserver" process.
This vulnerability is located in the service-lookup code of the "flappserver" feature.
Updated, 12/08/2015:
The py27-foolscap, py32-foolscap, py33-foolscap and py34-foolscap packages provided by FreeBSD are vulnerable.
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD)
Vulnerable Software:
     
Solution   Version 0.7.0 of foolscap fixes this vulnerability.
     
CVE  
     
References   - VuXML : py-foolscap -- local file inclusion
https://www.vuxml.org/freebsd/09fff0d9-4126-11e5-9f01-14dae9d210b8.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm: Misc : Local File Inclusion - suspicious /etc/passwd found in URL
Available Since: 3.5.0

 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2014-09-23 

 Target Type 
Server 

 Possible exploit 
Remote