正文

SiteBar 翻译模块(translator.php)目录遍历漏洞

admin
admin V管理员 /0 评论 /12 阅读
0104
此篇文章发布距今已超过1281天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

SiteBar 翻译模块(translator.php)目录遍历漏洞

  • CNNVD编号:CNNVD-200710-315
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2007-5491
  • 漏洞类型: 路径遍历
  • 发布时间: 2007-10-17
  • 威胁类型: 远程
  • 更新时间: 2007-10-30
  • 厂        商: sitebar
  • 漏洞来源: Robert Buchholz of...

漏洞简介

SiteBar 3.3.8版本的翻译模块(translator.php)中存在目录遍历漏洞。远程验证用户可以借助lang参数的一个\"..\"序列,发送任意文件至0777。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Debian Linux 4.0 amd64

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 ia-32

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 arm

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 hppa

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 sparc

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 s/390

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 powerpc

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 alpha

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 m68k

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 mipsel

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 ia-64

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 4.0 mips

Debian sitebar_3.3.8-7etch1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7

etch1_all.deb

Debian Linux 3.1 ppc

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 ia-64

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 arm

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 mips

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 ia-32

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 alpha

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 m68k

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 mipsel

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 s/390

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 amd64

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 hppa

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

Debian Linux 3.1 sparc

Debian sitebar_3.2.6-7.1sarge1_all.deb

http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7

.1sarge1_all.deb

SiteBar SiteBar 3.2.6

SiteBar SiteBar-3.3.9.tar.bz2

http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime

=1192322139&big_mirror=0

SiteBar SiteBar 3.3.2

SiteBar SiteBar-3.3.9.tar.bz2

http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime

=1192322139&big_mirror=0

SiteBar SiteBar 3.3.3

SiteBar SiteBar-3.3.9.tar.bz2

http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime

=1192322139&big

参考网址

来源: bugs.gentoo.org

链接:https://bugs.gentoo.org/show_bug.cgi?id=195810

来源: BID

名称: 26126

链接:http://www.securityfocus.com/bid/26126

来源: GENTOO

名称: GLSA-200711-05

链接:http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml

来源: VUPEN

名称: ADV-2007-3768

链接:http://www.frsirt.com/english/advisories/2007/3768

来源: DEBIAN

名称: DSA-1423

链接:http://www.debian.org/security/2007/dsa-1423

来源: MISC

链接:http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup

来源: SECUNIA

名称: 28008

链接:http://secunia.com/advisories/28008

来源: SECUNIA

名称: 27503

链接:http://secunia.com/advisories/27503

受影响实体

  • Sitebar Sitebar:3.3.8  
    <!--
    2000-1-1
    -->

补丁

    暂无