Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability
On Mon, May 18, 2009 at 12:06:58PM -0400, Michael S. Gilbert wrote:
> Package: linux-2.6
> Severity: important
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for linux-2.6.
>
> CVE-2007-6514[0]:
> | Apache HTTP Server, when running on Linux with a document root on a
> | Windows share mounted using smbfs, allows remote attackers to obtain
> | unprocessed content such as source files for .php programs via a
> | trailing "\" (backslash), which is not handled by the intended AddType
> | directive.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
Have you been able to test this against recent kernels such as 2.6.30?
Cheers,
Moritz
Reply to: