[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mldonkey-bugs] [Bug #1373] Security: filename with a slash
From: |
nobody |
Subject: |
[Mldonkey-bugs] [Bug #1373] Security: filename with a slash |
Date: |
Tue, 04 Mar 2003 02:38:37 -0500 |
=================== BUG #1373: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1373&group_id=1409
Changes by: mldonkey admin <address@hidden>
Date: Tue 03/04/03 at 07:38 (GMT)
What | Removed | Added
---------------------------------------------------------------------------
Resolution | None | Fixed
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
fixed in current CVS 2.02-25
=================== BUG #1373: FULL BUG SNAPSHOT ===================
Submitted by: None Project: mldonkey, a free e-Donkey client
Submitted on: Wed 10/09/02 at 01:36
Category: Core Severity: 5 - Major
Bug Group: None Resolution: Fixed
Assigned to: None Status: Closed
Release: 1.16 Release:
Platform Version: Linux i386-i686 Binaries Origin: Downloaded from Savannah
Summary: Security: filename with a slash
Original Submission: When downloading a file called "this is/a file.zip",
mldonkey will create a directory called "this is" and download a file called "a
file.zip" inside. I don't think this should be allowed.
I haven't checked, but may be the same happens with a file called
"../../../etc/passwd". Anyone?
I guess mldonkey should remove all /'s from the local file name.
Regards,
Ernesto
xtango"at"netcombbs.com.ar
Follow-up Comments
*******************
-------------------------------------------------------
Date: Tue 03/04/03 at 07:38 By: mldonkey
fixed in current CVS 2.02-25
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1373&group_id=1409
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Mldonkey-bugs] [Bug #1373] Security: filename with a slash,
nobody <=