FreeBSD Ports and Packages: Installation and upgrading of ports and packages on FreeBSD.
The following content has been taken from http://www.auscert.org.au/index.html
===========================================================================
AA-2008.0111 AUSCERT Advisory

[Linux][FreeBSD]
Swfdec 0.6.4 released
14 May 2008
---------------------------------------------------------------------------

AusCERT Advisory Summary
------------------------

Product: Swfdec
Operating System: Linux variants
                  FreeBSD
Impact: Read-only Data Access
Access: Remote/Unauthenticated
CVE Names: CVE-2008-1834
Member content until: Wednesday, June 11 2008

OVERVIEW:

Swfdec 0.6.4 has been released correcting a read-only file access vulnerability.

IMPACT:

The National Vulnerability Database [1] gives the following information regarding these vulnerabilities:

o CVE-2008-1834: "swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file." [2]

MITIGATION:

Users can correct this vulnerability by upgrading to version 0.6.4 which is available at freedesktop.org [3]

REFERENCES:

[1] National Vulnerability Database
    http://nvd.nist.gov/

[2] National Vulnerability Database (CVE-2008-1834)
    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1834

[3] Swfdec 0.6.4 released
    http://lists.freedesktop.org/archive...il/001321.html

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192