Debian Security Advisory DSA 2146-1 (mydms) Network Vulnerability

Summary

The remote host is missing an update to mydms announced via advisory DSA 2146-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202146-1

Insight

D. Fabian and L. Weichselbaum discovered a directory traversal vulnerability in MyDMS, a open-source document management system based on PHP and MySQL. For the stable distribution (lenny), this problem has been fixed in version 1.7.0-1+lenny1. The testing distribution (squeeze) and the unstable distribution (sid) no longer contain mydms packages. We recommend that you upgrade your mydms packages.

Severity

Classification

CVE CVE-2010-2006

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1062-1 (kphone)
Debian Security Advisory DSA 1000-2 (libapreq2-perl)
Debian Security Advisory DSA 1080-1 (dovecot)
Debian Security Advisory DSA 1061-1 (popfile)
Debian Security Advisory DSA 1022-1 (storebackup)

Take action and discover your vulnerabilities