=====================================================================
                                   CERT-Renater

                        Information Note No. 2009/VULN554
_____________________________________________________________________

DATE                      : 24/12/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running phpLDAPadmin.

======================================================================
http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
______________________________________________________________________

IMPORTANT NOTE: A security vulnerability has been reported in phpLDAPadmin 1.1.x,
whereby a user can use a null-terminated URL to view the contents of files on your
server (e.g. /etc/passwd). This vulnerability is confirmed in 1.1.0.7 and
probably exists in previous releases. It does not appear to affect 1.2.x.

I recommend you update to the latest version of PLA 1.2, either download it
directly from SourceForge or encourage your Linux distribution to make
available a 1.2 version (if they don't already have it).
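
Added example (not part of the CERT-Renater note or of phpLDAPadmin): a log check for the null-terminated requests described above, for hosts that ran 1.1.x before upgrading. The combined log format, the /phpldapadmin/ install path, the parameter name "p" and all sample lines are assumptions constructed for illustration; the note does not name the affected parameter.

```python
import re
from urllib.parse import unquote_to_bytes

# Combined log format: capture client address and request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*"')
MAX_DECODE_ROUNDS = 3  # covers %00, %2500 and %252500

# Constructed sample lines; path and parameter "p" are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Dec/2009:10:00:01 +0100] "GET /phpldapadmin/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Dec/2009:10:02:13 +0100] "GET /phpldapadmin/index.php?p=placeholder%00 HTTP/1.1" 200 1874',
    '198.51.100.7 - - [24/Dec/2009:10:02:20 +0100] "GET /phpldapadmin/index.php?p=placeholder%2500 HTTP/1.1" 200 1874',
    '192.0.2.10 - - [24/Dec/2009:10:03:44 +0100] "GET /phpldapadmin/index.php?p=a%20b HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Dec/2009:10:04:02 +0100] "GET /other/app.php?p=x%00 HTTP/1.1" 404 210',
]


def has_nul(target: str) -> bool:
    """True if the request target holds a NUL byte after repeated URL-decoding."""
    data = target.encode("latin-1", "replace")
    for _ in range(MAX_DECODE_ROUNDS):
        # Apache writes a raw control byte into the log as the text \x00.
        if b"\x00" in data or b"\\x00" in data:
            return True
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return b"\x00" in data


def scan(lines, prefix="/phpldapadmin/"):
    """Return (line_no, client, target) for NUL-bearing requests under prefix."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m and m.group(2).startswith(prefix) and has_nul(m.group(2)):
            hits.append((n, m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for n, client, target in scan(SAMPLE_LOG):
        print(f"line {n}: {client} requested {target}")
```

A hit with a 200 status on a 1.1.x install is worth following up by checking which files the web server account could read at that time.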



======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================


