[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mldonkey-bugs] [Bug #1373] Security: filename with a slash
|
From: |
nobody |
|
Subject: |
[Mldonkey-bugs] [Bug #1373] Security: filename with a slash |
|
Date: |
Tue, 08 Oct 2002 21:36:13 -0400 |
=================== BUG #1373: FULL BUG SNAPSHOT ===================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1373&group_id=1409
Submitted by: None Project: mldonkey, a free e-Donkey
client
Submitted on: 2002-Oct-08 21:36
Category: Core Severity: 5 - Major
Bug Group: None Resolution: None
Assigned to: None Status: Open
Release: 1.16 Release:
Platform Version: Linux i386-i686 Binaries Origin: Downloaded from
Savannah
Summary: Security: filename with a slash
Original Submission: When downloading a file called "this is/a file.zip",
mldonkey will create a directory called "this is" and download a file called "a
file.zip" inside. I don't think this should be allowed.
I haven't checked, but may be the same happens with a file called
"../../../etc/passwd". Anyone?
I guess mldonkey should remove all /'s from the local file name.
Regards,
Ernesto
xtango"at"netcombbs.com.ar
No Followups Have Been Posted
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1373&group_id=1409
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Mldonkey-bugs] [Bug #1373] Security: filename with a slash,
nobody <=