
Test ID: 1.3.6.1.4.1.25623.1.0.704142
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 4142-1 (uwsgi - security update)
Summary: Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
Description:
Summary:
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast,
self-healing application container server, does not properly handle a
DOCUMENT_ROOT check during use of the --php-docroot option, allowing a
remote attacker to mount a directory traversal attack and gain
unauthorized read access to sensitive files located outside of the web
root directory.

Affected Software/OS:
uwsgi on Debian Linux

Solution:
For the oldstable distribution (jessie), this problem has been fixed
in version 2.0.7-1+deb8u2. This update additionally includes the fix for
CVE-2018-6758 which was aimed to be addressed in the upcoming jessie
point release.

For the stable distribution (stretch), this problem has been fixed in
version 2.0.14+20161117-3+deb9u2.

We recommend that you upgrade your uwsgi packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2018-6758
http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7490
Debian Security Information: DSA-4142
https://www.debian.org/security/2018/dsa-4142
https://www.exploit-db.com/exploits/44223/
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
