Advisory ID: SA-2011-1
Version: < 0.7.6
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Directory traversal

Description

User input on the login page is not properly validated by www/filesystem.store.inc before the specified user name is used to look for an identity file. This may lead to a directory traversal vulnerability: an attacker with write access to any part of the server can create an identity file and thus assert any identity URL the attacker can claim.
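
The kind of check that closes this class of hole, as an added PHP example that is not SimpleID's code or the patch referenced in this advisory. The function names, the identities directory and the sample user names are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names; not taken from www/filesystem.store.inc.
const IDENTITIES_DIR = '/var/lib/example/identities'; // assumed location

/** Accept only user names that cannot change which directory is searched. */
function is_valid_store_name(string $name): bool {
    // Allow-list: letters, digits, '_', '-', '.'; the first character may not
    // be '.', so "." and ".." are rejected along with '/', '\' and NUL bytes.
    return preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}\z/', $name) === 1;
}

/** Return the identity file path for $uid, or null when the name is rejected. */
function identity_path(string $uid, string $base = IDENTITIES_DIR): ?string {
    // Unchecked form of the lookup, for comparison:
    //   $path = $base . '/' . $uid . '.identity';
    // With no validation, a name containing "../" resolves outside $base.
    if (!is_valid_store_name($uid)) {
        return null;
    }
    $path = $base . '/' . $uid . '.identity';

    // Defence in depth: when the file exists, its resolved location (after
    // following symlinks) must still be inside the identities directory.
    $real = realpath($path);
    $realBase = realpath($base);
    if ($real !== false && $realBase !== false
        && strncmp($real, $realBase . DIRECTORY_SEPARATOR, strlen($realBase) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample user names, as they might arrive from a login form.
$samples = ['alice', 'alice.smith', '..', '../uploads/mallory', 'bob\\..\\x', "carol\0"];
foreach ($samples as $uid) {
    printf("%-24s => %s\n",
        json_encode($uid, JSON_UNESCAPED_SLASHES),
        identity_path($uid) ?? 'rejected');
}
```

Only the first two sample names yield a path; the rest are rejected before any filesystem lookup takes place.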

Versions affected

  • All versions prior to 0.7.6
  • SVN versions prior to revision 368

Solution

Install the latest version:

Alternatively, apply this patch to www/filesystem.store.inc

Reported by

Matt McCutchen