Debian Security Advisory

boa -- exposes contents of local files

Date Reported:
09 Oct 2000
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2000-0920.
More information:
In versions of boa before, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.

This problem is fixed in version, uploaded to Debian's unstable distribution on October 3, 2000. Fixed packages are also available in proposed-updates and will be included in the next revision of Debian/2.2 (potato).

Debian GNU/Linux 2.1 (slink) contains Boa version 0.93.15. This version is no longer supported; we recommend that slink users upgrade to potato, or recompile the current Boa packages on their slink systems.
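The problem described above (requests that reach files outside the server's document root) is the kind a containment check on the request path prevents. The following is an added example, not Boa's code and not the fix shipped in the Debian packages; the function names and sample paths are hypothetical. It percent-decodes the path first, then resolves `.` and `..` segments and refuses any request that would climb above the root.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: decode %XX escapes in place; -1 on malformed input. */
static int percent_decode(char *s) {
    char *w = s;
    for (; *s; s++) {
        if (*s == '%') {
            if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
                return -1;
            char hex[3] = { s[1], s[2], '\0' };
            *w = (char)strtol(hex, NULL, 16);
            if (*w == '\0') return -1;      /* embedded NUL would truncate the path */
            w++; s += 2;
        } else {
            *w++ = *s;
        }
    }
    *w = '\0';
    return 0;
}

/* Hypothetical check: returns 0 and writes the normalized path, relative to
 * the document root, into out; returns -1 if the request must be refused. */
int normalize_request_path(const char *url_path, char *out, size_t outlen) {
    char buf[1024];
    size_t len = 0;
    if (outlen < 2 || url_path[0] != '/' || strlen(url_path) >= sizeof buf) return -1;
    strcpy(buf, url_path);
    if (percent_decode(buf) != 0) return -1;   /* decode BEFORE looking for ".." */
    out[0] = '\0';
    for (char *seg = strtok(buf, "/"); seg; seg = strtok(NULL, "/")) {
        if (strcmp(seg, ".") == 0) continue;
        if (strcmp(seg, "..") == 0) {
            if (len == 0) return -1;           /* would climb above the root */
            while (len > 0 && out[--len] != '/') ;   /* drop the last segment */
            out[len] = '\0';
            continue;
        }
        size_t n = strlen(seg);
        if (len + 1 + n >= outlen) return -1;  /* result would not fit */
        out[len++] = '/';
        memcpy(out + len, seg, n + 1);
        len += n;
    }
    if (len == 0) { out[0] = '/'; out[1] = '\0'; }
    return 0;
}
```

A server would append the returned path to its document root only when the function returns 0; symbolic links inside the root need a separate check on the resolved filesystem path.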

Fixed in:

Debian GNU/Linux 2.2 (potato)

Intel ia32:
Motorola 680x0:
Sun Sparc: