'Re: [oss-security] CVE id request: syscp'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE id request: syscp
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-30 19:20:22
Message-ID: 1478872270.1642731277925622871.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]


----- "Nico Golde" <oss-security+ml@ngolde.de> wrote:

> Hi,
> can I get a CVE id for the following issue:
> "today I received a mail about a severe security problem in 
> the handling of open_basedir paths.  Customers are able to 
> add whatever path they want via the documentroot of a domain 
> by appending a colon to it and setting the open basedir path 
> to use that domain documentroot, not the customer root."
> 
> http://www.syscp-forum.org/index.php?topic=4981.0
> http://bugs.debian.org/587481
> 

Please use CVE-2010-2476

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic