CVE-2009-2265

Published: 05 July 2009

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Priority

Low

Status

Package Release Status
fckeditor
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.4.1)
moin
Launchpad, Ubuntu, Debian
Upstream Needs triage

Notes

AuthorNote
jdstrand
affected code in moin occurs first in 1.8.0. The first release
of Ubuntu to contain the affected code is 9.04, but by that time it
uses the system fsckeditor, which is a Suggests and not installed by
default

References