FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-foolscap -- local file inclusion

Affected packages
py27-foolscap < 0.7.0
py32-foolscap < 0.7.0
py33-foolscap < 0.7.0
py34-foolscap < 0.7.0


VuXML ID 09fff0d9-4126-11e5-9f01-14dae9d210b8
Discovery 2014-09-23
Entry 2015-08-12

Brian Warner reports:

The "flappserver" feature was found to have a vulnerability in the service-lookup code which, when combined with an attacker who has the ability to write files to a location where the flappserver process could read them, would allow that attacker to obtain control of the flappserver process.