Package: acidbase
Severity: grave
Tags: security
Justification: user security hole

http://www.frsirt.com/english/advisories/2006/1996

Advisory ID : FrSIRT/ADV-2006-1996
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-26

Technical Description

Multiple vulnerabilities have been identified in Basic Analysis and Security Engine (BASE), which could be exploited by attackers to execute arbitrary commands. These flaws are due to input validation errors in the "base_qry_common.php", "base_stat_common.php", and "includes/base_include.inc.php" scripts that do not validate the "BASE_path" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.

Affected Products

Basic Analysis and Security Engine (BASE) 1.2.4 and prior

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
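
For administrators triaging an affected install, the following is an added example (not part of the original report or of BASE itself): a log check that flags requests handing a "BASE_path" parameter to the three scripts named in the advisory. It assumes Apache common/combined log format and that the parameter arrives in the query string; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in FrSIRT/ADV-2006-1996 (leading "/" avoids partial-name matches).
AFFECTED = ("/base_qry_common.php", "/base_stat_common.php",
            "/includes/base_include.inc.php")

# Client address, request target and status from a common/combined log line.
REQ = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def flag_base_path_requests(lines):
    """Return (line_no, client, path, status) for each request that supplies
    BASE_path to an affected script. Normal use of BASE is assumed never to
    pass this name from the client, so any hit deserves a look."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQ.match(line)
        if not m:
            continue  # not a request line we can parse
        url = urlsplit(m["target"])
        if not url.path.endswith(AFFECTED):
            continue
        # parse_qs percent-decodes names; PHP additionally maps '.' and ' '
        # in incoming parameter names to '_', so normalise the same way.
        names = {k.replace(".", "_").replace(" ", "_")
                 for k in parse_qs(url.query, keep_blank_values=True)}
        if "BASE_path" in names:
            hits.append((line_no, m["ip"], url.path, m["status"]))
    return hits

# Constructed sample log (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2006:10:00:01 +0000] "GET /base/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/May/2006:10:00:05 +0000] "GET /base/base_qry_common.php?BASE_path=PLACEHOLDER HTTP/1.1" 200 312',
    '198.51.100.7 - - [26/May/2006:10:00:09 +0000] "GET /base/includes/base_include.inc.php?BASE%5Fpath=PLACEHOLDER HTTP/1.1" 200 298',
    '192.0.2.10 - - [26/May/2006:10:00:12 +0000] "GET /base/base_stat_common.php?sort=BASE_path HTTP/1.1" 200 77',
    '198.51.100.7 - - [26/May/2006:10:00:15 +0000] "GET /base/base_stat_common.php?BASE.path=PLACEHOLDER HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in flag_base_path_requests(SAMPLE_LOG):
        print("line %d: %s requested %s (HTTP %s)" % hit)
```

Access logs do not record POST bodies, so an empty result does not by itself show the scripts were never reached with this parameter.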