CVE-2009-2265
Published: 5 July 2009
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Notes
| Author | Note |
|---|---|
| jdstrand | affected code in moin occurs first in 1.8.0. The first release of Ubuntu to contain the affected code is 9.04, but by that time it uses the system fsckeditor, which is a Suggests and not installed by default |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
fckeditor Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Released
(1:2.6.2-1lenny1build0.8.10.1)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Not vulnerable
(1:2.6.4.1-1)
|
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Released
(2.6.4.1)
|
|
|
moin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
| hardy |
Not vulnerable
(code not present)
|
|
| intrepid |
Not vulnerable
(code not present)
|
|
| jaunty |
Not vulnerable
(system fckeditor)
|
|
| karmic |
Not vulnerable
(system fckeditor)
|
|
| lucid |
Not vulnerable
(system fckeditor)
|
|
| maverick |
Not vulnerable
(system fckeditor)
|
|
| natty |
Not vulnerable
(system fckeditor)
|
|
| oneiric |
Not vulnerable
(system fckeditor)
|
|
| upstream |
Needs triage
|