Debian: 2791-1: tryton-client: missing input sanitization
Posted on November 5, 2013 at 6:33 am
(Nov 4) Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the [More…]
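The class of check the advisory describes, as an added example that is not Tryton's code or the Debian fix: a client builds a local report path from an extension received from the server, first trusting it as-is and then validating it. The function names, the allowed-extension pattern and the assumption that the client picks the base name itself are all hypothetical.

```python
import os
import re

# Assumption: a report extension is a short alphanumeric token ("pdf", "odt").
_SAFE_EXT = re.compile(r"[A-Za-z0-9]{1,10}")


def unsafe_report_path(base_dir, name, ext):
    """Pattern the advisory warns about: the server's extension is used as-is."""
    return os.path.join(base_dir, name + os.extsep + ext)


def safe_report_path(base_dir, name, ext):
    """Build the report path, rejecting any extension that is not a plain token."""
    if not isinstance(ext, str) or not _SAFE_EXT.fullmatch(ext):
        raise ValueError("rejected report extension: %r" % (ext,))
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name + os.extsep + ext))
    # Defence in depth: the resolved path must still sit inside base_dir.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("report path escapes %r" % (base,))
    return path


def write_report(base_dir, name, ext, data):
    """Write report bytes to a new file; refuse to overwrite an existing one."""
    path = safe_report_path(base_dir, name, ext)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    import tempfile
    workdir = tempfile.mkdtemp()
    # Constructed sample values standing in for a server-supplied extension.
    for ext in ["pdf", "x/../../escaped"]:
        try:
            print("accepted:", write_report(workdir, "report", ext, b"data"))
        except ValueError as exc:
            print(exc)
```
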