| Name | CVE-2009-2265 |
| Description | Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1836-1 |
| Debian Bugs | 536051, 538722 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | lenny | 1.4.004-2.dfsg-4.2 | |||
| egroupware | source | (unstable) | 1.6.002+dfsg-1 | low | ||
| fckeditor | source | lenny | 1:2.6.2-1lenny1 | DSA-1836-1 | ||
| fckeditor | source | (unstable) | 1:2.6.4.1-1 | medium | 536051 | |
| gforge | source | etch | (not affected) | |||
| gforge | source | (unstable) | 4.6.99+svn6225-1 | |||
| karrigell | source | etch | (not affected) | |||
| karrigell | source | (unstable) | (unfixed) | |||
| knowledgeroot | source | (unstable) | 0.9.8.5-3 | medium | 538722 | |
| moin | source | etch | (not affected) | |||
| moin | source | lenny | (unfixed) | unimportant | ||
| moin | source | (unstable) | 1.8.2-2 | |||
| request-tracker3.8 | source | (unstable) | (not affected) |
http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
moin from 1.8.2-2 uses systemwide copy of fckeditor
[etch] - moin <not-affected> (Vulnerable code not present)
moin in lenny provides FCKeditor as example files (/usr/share/doc)
- request-tracker3.8 <not-affected> (Vulnerable code not present)
[etch] - gforge <not-affected> (doesn't contain FCKeditor)
[etch] - karrigell <not-affected> (Vulnerable code not present)
knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor