FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-foolscap -- local file inclusion

Affected packages
py27-foolscap < 0.7.0
py32-foolscap < 0.7.0
py33-foolscap < 0.7.0
py34-foolscap < 0.7.0

Details

VuXML ID 09fff0d9-4126-11e5-9f01-14dae9d210b8
Discovery 2014-09-23
Entry 2015-08-12

Brian Warner reports:

The "flappserver" feature was found to have a vulnerability in the service-lookup code which, when combined with an attacker who has the ability to write files to a location where the flappserver process could read them, would allow that attacker to obtain control of the flappserver process.

[source]

References

URL http://foolscap.lothar.com/trac/ticket/226
URL https://github.com/warner/foolscap/blob/a17218e18e01c05a9655863cd507b80561692c14/NEWS

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.