Debian Security Advisory
mirror -- Incorrect directory name handling in mirror
- Date Reported:
- 18 Oct 1999
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0354.
- More information:
We have received reports that the version of mirror as distributed in Debian
GNU/Linux 2.1 could be remotely exploited. When mirroring a remote site, its
malicious owner could use filename-constructions like ".." that
would cause mirror to work one level above the target directory for the
mirrored files and thus unknowingly overwrite local data.
- Fixed in:
- Architecture-independent component: