Nom du paquet
phpldapadmin
Date
2010-01-21
Advisory ID
MDVSA-2010:023
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in phpldapadmin:

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5
allows remote attackers to include and execute arbitrary local files
via a .. (dot dot) in the cmd parameter (CVE-2009-4427).

The updated packages have been patched to correct thies issue.

Updated packages

MES5 i586

 04269a24be47cae01b6ad81ad46128a1  mes5/i586/phpldapadmin-1.1.0.7-1.1mdvmes5.noarch.rpm 
 322afd2a91fb2e6c4448d3cf86de4c49  mes5/SRPMS/phpldapadmin-1.1.0.7-1.1mdvmes5.src.rpm

MES5 x86_64

 51a833830eeaf5e5e1e8ffacd2e2fd90  mes5/x86_64/phpldapadmin-1.1.0.7-1.1mdvmes5.noarch.rpm 
 322afd2a91fb2e6c4448d3cf86de4c49  mes5/SRPMS/phpldapadmin-1.1.0.7-1.1mdvmes5.src.rpm

References