Summary
The remote host is missing an update to trac
announced via advisory DSA 739-1.
Stefan Esser discovered an input validation flaw within Trac, a wiki and issue tracking system, that allows download/upload of files and therefore can lead to remote code execution in some configurations.
The old stable distribution (woody) does not contain the trac package.
Solution
For the stable distribution (sarge) this problem has been fixed in version 0.8.1-3sarge2.
For the unstable distribution (sid) this problem has been fixed in version 0.8.4-1.
We recommend that you upgrade your trac package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20739-1
Severity
Classification
-
CVE CVE-2005-2147 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities