LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

bonsai: multiple vulnerabilites

Package(s):bonsai CVE #(s):CAN-2003-0152 CAN-2003-0153 CAN-2003-0154 CAN-2003-0155
Created:March 21, 2003 Updated:March 26, 2003
Description: Remi Perrot fixed several security related bugs in bonsai, the Mozilla CVS query tool by web interface. Vulnerabilities include arbitrary code execution, cross-site scripting and access to configuration parameters.

The Common Vulnerabilities and Exposures project identifies the following problems:

  • CAN-2003-0152 - Remote execution of arbitrary commands as www-data

  • CAN-2003-0153 - Absolute path disclosure

  • CAN-2003-0154 - Cross site scriptiong attacks

  • CAN-2003-0155 - Unauthenticated access to parameters page
Alerts:
Debian DSA-265-1 2003-03-21
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds