MDVSA-2010:023
- Package name
- phpldapadmin
- Date
- 2010-01-21
- Advisory ID
- MDVSA-2010:023
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in phpldapadmin:
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5
allows remote attackers to include and execute arbitrary local files
via a .. (dot dot) in the cmd parameter (CVE-2009-4427).
The updated packages have been patched to correct thies issue.
Updated packages
MES5 i586
04269a24be47cae01b6ad81ad46128a1 mes5/i586/phpldapadmin-1.1.0.7-1.1mdvmes5.noarch.rpm 322afd2a91fb2e6c4448d3cf86de4c49 mes5/SRPMS/phpldapadmin-1.1.0.7-1.1mdvmes5.src.rpm
MES5 x86_64
51a833830eeaf5e5e1e8ffacd2e2fd90 mes5/x86_64/phpldapadmin-1.1.0.7-1.1mdvmes5.noarch.rpm 322afd2a91fb2e6c4448d3cf86de4c49 mes5/SRPMS/phpldapadmin-1.1.0.7-1.1mdvmes5.src.rpm