DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Ports and Packages

FreeBSD Ports and Packages Installation and upgrading of ports and packages on FreeBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 14th May 2008
corey_james corey_james is offline
Uber Geek
 
Join Date: Apr 2008
Location: Brisbane, Australia
Posts: 238
Thanked 4 Times in 10 Posts
Default Swfdec read-only file access vulnerability

The following content has been taken from http://www.auscert.org.au/index.html

================================================== =========================
AA-2008.0111 AUSCERT Advisory

[Linux][FreeBSD]
Swfdec 0.6.4 released
14 May 2008
- ---------------------------------------------------------------------------

AusCERT Advisory Summary
------------------------

Product: Swfdec
Operating System: Linux variants
FreeBSD
Impact: Read-only Data Access
Access: Remote/Unauthenticated
CVE Names: CVE-2008-1834
Member content until: Wednesday, June 11 2008

OVERVIEW:

Swfdec 0.6.4 has been released correcting a read-only file access
vulnerability.


IMPACT:

The National Vulnerability Database [1], gives the following
information regarding these vulnerabilities:

o CVE-2008-1834: "swfdec_load_object.c in Swfdec before 0.6.4 does
not properly restrict local file access from untrusted sandboxes,
which allows remote attackers to read arbitrary files via a
crafted Flash file. [2]


MITIGATION:

Users can correct this vulnerability by upgrading to version 0.6.4
which is available at freedesktop.org [3]


REFERENCES:

[1] National Vulnerability Database
http://nvd.nist.gov/

[2] National Vulnerability Database (CVE-2008-1834)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1834

[3] Swfdec 0.6.4 released
http://lists.freedesktop.org/archive...il/001321.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP read file contents - Maximum file size cksraj Programming 1 21st September 2009 11:38 AM
Vulnerability OldCoot OpenBSD Security 5 20th March 2009 07:44 PM
Default Apache won't read .css file erehwon OpenBSD General 23 21st September 2008 10:21 PM
Remote Access to File Server Oko OpenBSD Security 7 23rd June 2008 05:17 PM
DVD file read error louie FreeBSD General 7 30th May 2008 03:50 PM


All times are GMT. The time now is 09:35 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick