Info

Disclosure

Dec 16, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 16, 2007

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade, Third-Party Solution
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version 2.2.9 or higher, as it has been reported to fix this vulnerability. In addition, vugluskr has released a patch for some older versions.

Products

Unknown or Incomplete

References

Security Tracker: 1019914
CVE ID: 2007-6714 (see also: NVD)
Bugtraq ID: 28849
Secunia Advisory ID: 29903 29937 29984
VUPEN Advisory: ADV-2008-1321
Vendor Specific News/Changelog Entry: http://dbmail.org/index.php?page=news&id=44
Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
Other Advisory URL: http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/44561