Debian: 2000-10-09 Critical Issue: Exposure of Boa Package Files
debian
October 9, 2000
In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.
Topics Covered
Summary
Package: boa
Vulnerability: exposes contents of local files
Debian-specific: no
Vulnerable: yes
In versions of boa before 0.94.8.3, it is possible to access files outside
of the server's document root by the use of properly constructed URL
requests.
This problem is fixed in version 0.94.8.3-1, uploaded to Debian's unstable
distribution on October 3, 2000. Fixed packages are also available in
proposed-updates and will be included in the next revision of Debian/2.2
(potato).
Debian GNU/Linux 2.1 alias slink
Slink contains Boa version 0.93.15. This version is no longer supported;
we recommend that slink users upgrade to potato, or recompile the current
Boa packages on their slink systems.
Debian GNU/Linux 2.2 (stable) alias potato
Fixes are currently available for Alpha, Intel ia32, Motorola 680x0,
PowerPC and the Sun Sparc architectures, from the proposed-updates archive
and from these URLs:
Source archives:
MD5 checksum: 85349ebced6a9b0d57ac718891f617e0
MD5 checksum:...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!