|
Description
|
|
A vulnerability has been identified in Gentoo, which could be exploited by attackers to gain knowledge of sensitive information. This issue is caused by an input validation error in the "inc/init.php" script when processing the "config_cascade[main][default][]" parameter, which could be exploited by attackers to include or disclose the contents of local files with the privileges of the web server.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
www-apps/dokuwiki versions prior to 20090214b
|
|
|
|
|
|
Solution
|
|
Upgrade the affected package :# emerge --sync# emerge --ask --oneshot --verbose =www-apps/dokuwiki-2009-02-14b
|
|
|
|
|
|
CVE
|
|
CVE-2009-1960
|
|
|
|
|
|
References
|
|
http://www.gentoo.org/security/en/glsa/glsa-200908-09.xml
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
