CVE-2009-0841 | HackTesting

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

References

http://www.positronsecurity.com/advisories/2009-000.html

http://www.securitytracker.com/id?1021952

http://www.securityfocus.com/archive/1/502271/100/0/threaded

http://secunia.com/advisories/34603

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

http://www.securityfocus.com/bid/34306

http://secunia.com/advisories/34520

http://www.debian.org/security/2009/dsa-1914

https://exchange.xforce.ibmcloud.com/vulnerabilities/49548

http://trac.osgeo.org/mapserver/ticket/2942

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html