> My original (descriptive) posting to the Full-Disclosure list can be 
> read here:
>   
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048853.html

<quote>
Systems Affected:
Since at least 2003, all versions of ASSP on any platform running Perl.
[...]
Two identical lines in the Perl code provide checks against this
"get?file" functionality. One line is used for the web site interface
itself (for loading images and CSS); the other is for administratively
opening text files for remote-editing purposes. The line of code in
question is:

   if ($fil=~/\.\./) {

As you can see, the only check performed here is if the file path
requested contains ".." .
</quote>

But a couple of lines further on there is a line:
  $fil="$base/$fil" if $fil!~/^\Q$base\E/i;
(at least in cvs's 1.1.2b1 version, which I happen to commit),
which effectively protects from getting outside the base dir.

And that line was changed in the next versions to:
  $fil="$base/$fil" if $fil!~/^(([a-z]:)?[\/\\]|\Q$base\E)/;  # oops

So, the current cvs version - although not a recent one - 
is NOT affected ;-)


_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
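
The effect of the two lines quoted in the message above, shown as an added example that is not part of the original message and not ASSP's own code. The value of `$base`, the sample paths, and the `resolve_strict` and `show` helpers are assumptions made for illustration, and Unix-style paths are assumed.

```perl
use strict;
use warnings;
use File::Spec;

my $base = '/opt/assp';    # assumed install directory (constructed)

# The ".." test quoted from the advisory, followed by the older line.
sub resolve_old {
    my ($fil) = @_;
    return undef if $fil =~ /\.\./;
    $fil = "$base/$fil" if $fil !~ /^\Q$base\E/i;
    return $fil;
}

# Same ".." test, followed by the later line (marked "# oops" in the message).
sub resolve_later {
    my ($fil) = @_;
    return undef if $fil =~ /\.\./;
    $fil = "$base/$fil" if $fil !~ /^(([a-z]:)?[\/\\]|\Q$base\E)/;
    return $fil;
}

# Hypothetical stricter resolver: always anchor the request under $base,
# reject ".." path components, and require the result to sit below "$base/".
# canonpath is purely lexical; symlinks are not resolved here.
sub resolve_strict {
    my ($fil) = @_;
    return undef if $fil =~ /(?:^|[\/\\])\.\.(?:[\/\\]|$)/;
    my $path = File::Spec->canonpath("$base/$fil");
    return index($path, "$base/") == 0 ? $path : undef;
}

sub show { return defined $_[0] ? $_[0] : '(rejected)' }

# Constructed sample requests: relative, absolute, and parent-relative.
for my $fil ('images/logo.gif', '/var/tmp/outside.txt', '../notes.txt') {
    printf "%-22s old=%-32s later=%-32s strict=%s\n", $fil,
        show(resolve_old($fil)), show(resolve_later($fil)),
        show(resolve_strict($fil));
}
```

The absolute path is the only input on which the two quoted lines differ: the older line prefixes it with `$base`, while the later line leaves it unchanged.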
