LXR Cross-Referencer Arbitrary File Disclosure Vulnerability

Published: 2003-03-10
Updated: 2003-03-19
Severity: High
Threat: Server information disclosure
Error type: Input validation error
Exploitation mode: Server mode
BUGTRAQ ID: 7062

Affected systems

Cross Referencer LXR 0.3

Detailed description

LXR Cross-Referencer does not sufficiently filter the parameters a user submits in the URL. A remote attacker can submit multiple '../' sequences and append a NUL character after the requested file name to access any file for which read permission is available, leading to disclosure of sensitive information on the server.

Solution

Cross Referencer LXR 0.3:

Debian Upgrade lxr_0.3-3_sparc.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_sparc.deb
Debian Upgrade lxr_0.3-3_s390.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_s390.deb
Debian Upgrade lxr_0.3-3_powerpc.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_powerpc.deb
Debian Upgrade lxr_0.3-3_mipsel.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_mipsel.deb
Debian Upgrade lxr_0.3-3_mips.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_mips.deb
Debian Upgrade lxr_0.3-3_m68k.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_m68k.deb
Debian Upgrade lxr_0.3-3_hppa.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_hppa.deb
Debian Upgrade lxr_0.3-3_ia64.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_ia64.deb
Debian Upgrade lxr_0.3-3_i386.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_i386.deb
Debian Upgrade lxr_0.3-3_arm.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_arm.deb
Debian Upgrade lxr_0.3-3_alpha.deb
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_alpha.deb

Related information

Reported by: Albert Puigsech
References:
http://online.securityfocus.com/advisories/5124
http://online.securityfocus.com/archive/1/314613
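The kind of input validation the description says was missing, as an added example: this is not LXR's own code (which is not shown on this page) and not the Debian fix. The source root `/srv/lxr/source`, the function name `resolve_request_path` and the sample requests are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote_to_bytes

# Hypothetical source root; LXR's real configuration is not shown on the page.
SOURCE_ROOT = "/srv/lxr/source"


def resolve_request_path(raw_param, root=SOURCE_ROOT):
    """Map a URL-supplied file parameter to a path under root, or return None."""
    data = unquote_to_bytes(raw_param)      # decode %2f, %00, ... before checking
    # A NUL byte ends the name at the C library level, so anything after it
    # (including text the application appends) is silently dropped. Reject it.
    if b"\x00" in data:
        return None
    try:
        rel = data.decode("utf-8")
    except UnicodeDecodeError:
        return None
    root_abs = os.path.realpath(root)
    # Canonicalise first (collapses '../' and follows symlinks), then check
    # containment on the result rather than pattern-matching the raw input.
    candidate = os.path.realpath(os.path.join(root_abs, rel.lstrip("/")))
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample parameters, not taken from the advisory.
    samples = [
        "kernel/sched.c",
        "/kernel/../fs/inode.c",
        "../../../../etc/passwd",
        "..%2f..%2f..%2fetc%2fpasswd%00",
        "kernel/sched.c%00.html",
    ]
    for s in samples:
        result = resolve_request_path(s)
        print(f"{s!r:40} -> {result if result else 'REJECTED'}")
```
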