Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.
|Package||www-apps/trac on all architectures|
|Affected versions||< 0.8.4|
|Unaffected versions||>= 0.8.4|
Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface.
Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking system.
A remote attacker could exploit the vulnerability to upload arbitrary files to a directory where the webserver has write access to, possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All Trac users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4"
June 22, 2005
June 22, 2005: 01