[Secure-testing-team] unrelated notes for CVE-2007-3163
Florian Weimer
fw at deneb.enyo.de
Mon Oct 22 17:00:21 UTC 2007
* Nico Golde:
> CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
> - moin 1.5.8-4.1 (unimportant; bug #429205)
> - knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
> - karrigell <unfixed> (unimportant; bug #429207)
> NOTE: This is only exploitable on NTFS filesystems
> NOTE: Given the state of Linux' NTFS support it seems highly unlikely
> NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
> NOTE: web server with NTFS
> TODO: Check, whether NTFS on Linux is affected at all, I doubt so
>
> The TODO and NOTES do not belong to this CVE but I don't want to remove them
> since they might be missing somewhere else. Anyone knows where they belong to?
I think the notes apply to the embedded copy of FckEditor. But there is
something that doesn't make much sense -- how can client-side Javascript
result in this bug?
More information about the Secure-testing-team
mailing list