Trac: File upload vulnerability — GLSA 200506-21

Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.

Affected packages

www-apps/trac on all architectures
Affected versions < 0.8.4
Unaffected versions >= 0.8.4

Background

Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface.

Description

Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking system.

Impact

A remote attacker could exploit the vulnerability to upload arbitrary files to any directory to which the webserver has write access, possibly leading to the execution of arbitrary code.
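The following is an added illustration, not Trac's code and not taken from this advisory: a constructed Python attachment handler that shows the general pattern the description points at (an "id" parameter used unvalidated to build the attachment destination, so the uploader rather than the application decides where the file lands) next to a hardened version that allow-lists the id, keeps only the basename of the uploaded filename, and confirms the resolved path is still inside the attachment store. The directory layout, the allow-list and all function names are assumptions for the example.

```python
import os
import re

# Constructed layout for the example: attachments are stored under a
# per-id subdirectory (the id of the wiki page or ticket they belong to).
ATTACHMENTS_DIR = "/var/lib/trac/attachments"   # assumed, not Trac's real path


def vulnerable_attachment_path(ident, filename):
    """Hypothetical unvalidated pattern: the request-supplied id and
    filename go straight into the path, so an id containing ".." selects
    a directory outside the attachment store."""
    return os.path.normpath(os.path.join(ATTACHMENTS_DIR, ident, filename))


# Assumed allow-list: ids are plain tokens, never path separators.
_ID_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def safe_attachment_path(ident, filename):
    """Hardened version: return the destination path or raise ValueError
    if either request parameter could move the file out of the store."""
    if not _ID_RE.match(ident) or ident in (".", ".."):
        raise ValueError("invalid attachment id")
    # Accept only a bare filename; anything with a directory part is rejected
    name = os.path.basename(filename)
    if not name or name in (".", "..") or name != filename:
        raise ValueError("invalid filename")
    dest = os.path.normpath(os.path.join(ATTACHMENTS_DIR, ident, name))
    # Defence in depth: the resolved path must still sit under the store
    if escapes_store(dest):
        raise ValueError("path escapes attachment directory")
    return dest


def escapes_store(path):
    """True if path resolves to somewhere other than inside ATTACHMENTS_DIR."""
    return os.path.commonpath([ATTACHMENTS_DIR, path]) != ATTACHMENTS_DIR


if __name__ == "__main__":
    # Constructed inputs: a normal upload and one with a traversal id.
    for ident, fname in (("WikiStart", "notes.txt"), ("../../htdocs", "x.php")):
        dest = vulnerable_attachment_path(ident, fname)
        print("unvalidated:", dest, "ESCAPES" if escapes_store(dest) else "ok")
        try:
            print("validated:  ", safe_attachment_path(ident, fname))
        except ValueError as exc:
            print("validated:   rejected:", exc)
```

The allow-list on the id is the real fix; the `commonpath` check is there so that a later change to the path construction cannot silently reintroduce the problem.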

Workaround

There is no known workaround at this time.

Resolution

All Trac users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4"

References

Release date
June 22, 2005

Latest revision
June 22, 2005: 01

Severity
normal

Exploitable
remote

Bugzilla entries