Security Release for issue3446


Published: 2013-11-04 10:00:00+00:00

Synopsis

A vulnerability has been found in tryton that might allow a malicious server to send a crafted extension in answer to a report request, leading the client to write the report to any file on the client host with the rights of the user running the client (see issue3446).

Impact

Any file can be created on the client host with the access permissions of the user running the client.
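
The pattern behind this issue, shown as an added example that is neither Tryton's code nor the actual fix: a client builds the local report filename from an extension supplied by the server. The function names, the extension allowlist and the sample values are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: a legitimate report extension is a short alphanumeric token ("pdf", "odt").
_EXT_RE = re.compile(r"[A-Za-z0-9]{1,10}")


def naive_report_path(directory, name, ext):
    """Unsafe pattern: the server-supplied extension goes straight into the path."""
    return os.path.join(directory, name + os.extsep + ext)


def escapes(directory, path):
    """True if the resolved path lies outside the directory."""
    root = os.path.realpath(directory)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_report_path(directory, name, ext):
    """Build the report path, refusing any extension that is not a plain token."""
    if not _EXT_RE.fullmatch(ext):
        raise ValueError("rejected report extension: %r" % (ext,))
    # Keep only the last component of the name in case it is server-controlled too.
    base = os.path.basename(name) or "report"
    path = os.path.join(directory, base + os.extsep + ext)
    # Defence in depth: the resolved path must stay inside the target directory.
    if escapes(directory, path):
        raise ValueError("report path escapes %r" % (directory,))
    return path


def write_report(directory, name, ext, data):
    """Write report bytes to a new private file and return its path."""
    path = safe_report_path(directory, name, ext)
    # O_EXCL refuses to replace an existing file; 0o600 keeps the report private.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    crafted = "x/../../outside"  # constructed sample of a hostile extension
    with tempfile.TemporaryDirectory() as d:
        print("naive path escapes:", escapes(d, naive_report_path(d, "report", crafted)))
        print("written to:", write_report(d, "report", "pdf", b"%PDF-1.4 sample"))
```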

Workaround

Users should connect only to trusted servers.

Resolution

All users should upgrade to the latest version of the series they use.

Concern?

Any security concerns should be reported on the bug-tracker at http://bugs.tryton.org/ with the type security.