Trac: File upload vulnerability
Gentoo Linux Security Advisory
||GLSA 200506-21 / trac
||June 22, 2005
||June 22, 2005: 01
All supported architectures
Trac may allow remote attackers to upload files, possibly leading to the
execution of arbitrary code.
Trac is a minimalistic web-based project management, wiki and bug
tracking system including a Subversion interface.
Stefan Esser of the Hardened-PHP project discovered that Trac
fails to validate the "id" parameter when uploading attachments to the
wiki or the bug tracking system.
A remote attacker could exploit the vulnerability to upload
arbitrary files to a directory where the webserver has write access to,
possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All Trac users should upgrade to the latest available version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4"