Info

Disclosure

Oct 14, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Ansel contains a flaw that may allow a malicious user to access arbitrary files. The issue is triggered when a photo album is created. Ansel creates the ablums with insecure permissions. It is possible that the flaw may allow access to web readable directories resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Federico David Sacerdoti	Ansel	2.0
		1.4
		1.3
		1.2

References

Security Tracker: 1011775
Bugtraq ID: 11420
ISS X-Force ID: 17767
CVE ID: 2004-2203 (see also: NVD)
Vendor URL: http://freshmeat.net/projects/ansel/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Federico David Sacerdoti

Ansel

References

Credit