[BusyBox 0001008]: httpd file traversal vulenrability

bugs at busybox.net bugs at busybox.net
Thu Aug 24 23:47:48 UTC 2006


The following issue has been SUBMITTED. 
====================================================================== 
http://busybox.net/bugs/view.php?id=1008 
====================================================================== 
Reported By:                bug-finder
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   1008
Category:                   Security
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             08-24-2006 16:47 PDT
Last Modified:              08-24-2006 16:47 PDT
====================================================================== 
Summary:                    httpd file traversal vulenrability
Description: 
the http daemon is vulenrable to a file traversal attack which can be
easily exploited when a url encoded dot is used this can lead to total
system compromise I have tested this with busybox 1.01 and i dont know if
other versions are vulenrable.


====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-24-06 16:47  bug-finder     New Issue                                    
08-24-06 16:47  bug-finder     Status                   new => assigned     
08-24-06 16:47  bug-finder     Assigned To               => BusyBox         
======================================================================




More information about the busybox-cvs mailing list