Date: Fri, 17 Sep 2010 14:42:52 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: [oCERT-2010-003] Free Simple CMS path sanitization errors

Please use CVE-2010-3307 for this.

Thanks.

--
JB

----- "Andrea Barisani" <lcars@...rt.org> wrote:

> #2010-003 Free Simple CMS path sanitization errors
>
> Description:
>
> Free Simple CMS, an open source content management system, suffers from
> remote file inclusion vulnerabilities.
>
> Insufficient path sanitization on several query string parameters leads to
> inclusion of arbitrary files from remote sources; this could be exploited to
> execute arbitrary commands or code.
>
> The vulnerable URLs are similar to the one referenced in a previously
> disclosed file inclusion vulnerability affecting the same version of the
> software (see References). It has been discovered that 'body', 'footer',
> 'header', 'menu_left', 'menu_right' are also vulnerable to remote file
> inclusion.
>
> Affected version:
>
> Free Simple CMS <= 1.0
>
> Fixed version:
>
> Free Simple CMS, N/A
>
> Credit: vulnerability report received from Evan Pitstick, SecureWorks.
>
> CVE: N/A
>
> Timeline:
>
> 2010-08-20: vulnerability report received
> 2010-08-22: contacted freesimplecms maintainer
> 2010-08-24: maintainer replies, vulnerability report is provided
> 2010-09-13: due to lack of feedback oCERT asks reporter to disclose the issue
> 2010-09-14: reporter agrees to disclosure
> 2010-09-17: oCERT advisory published
>
> References:
> http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt
> http://secunia.com/advisories/41001
> http://osvdb.org/67329
>
> Permalink:
> http://www.ocert.org/advisories/ocert-2010-003.html
>
> --
> Andrea Barisani | Founder & Project Coordinator
> oCERT | Open Source Computer Emergency Response Team
>
> <lcars@...rt.org> http://www.ocert.org
> 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
> "Pluralitas non est ponenda sine necessitate"
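The advisory above describes include targets built from unsanitized query string parameters (body, footer, header, menu_left, menu_right). The following is an added example, not code from Free Simple CMS or from oCERT, of how such a parameter should be resolved on the server side: the request value is only ever used as an allowlist key, never as a path, and the resolved file is confirmed to sit inside the template directory. The template root, fragment names and the `.tpl` extension are assumptions for the example.

```python
import os
import re

# Hypothetical template directory; the real CMS layout is not on the page.
TEMPLATE_ROOT = os.path.realpath("/var/www/cms/templates")

# Allowlist keyed by the parameters the advisory names. A request value is
# only ever used as a lookup key, never as a path component.
ALLOWED_FRAGMENTS = {
    "body": {"default", "article", "contact"},
    "footer": {"default"},
    "header": {"default", "minimal"},
    "menu_left": {"default", "none"},
    "menu_right": {"default", "none"},
}
_NAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")  # rejects '/', '.', ':' and so on

class IncludeRejected(ValueError):
    """Raised when a request value must not become an include target."""

def resolve_fragment(param, value):
    """Return the on-disk file to include for (param, value), or raise.
    URLs, '../' traversal and absolute paths fail the name pattern, so no
    path is ever built from them; the realpath check guards against a
    symlink inside the template tree that points outside it."""
    allowed = ALLOWED_FRAGMENTS.get(param)
    if allowed is None:
        raise IncludeRejected("unknown include parameter %r" % param)
    if not isinstance(value, str) or not _NAME_RE.match(value):
        raise IncludeRejected("malformed fragment name for %s" % param)
    if value not in allowed:
        raise IncludeRejected("fragment %r not permitted for %s" % (value, param))
    # '.tpl' is an assumed extension; the point is that it is appended by
    # the server, not supplied by the client.
    path = os.path.realpath(os.path.join(TEMPLATE_ROOT, param, value + ".tpl"))
    if os.path.commonpath([path, TEMPLATE_ROOT]) != TEMPLATE_ROOT:
        raise IncludeRejected("resolved path escapes template root")
    return path

def classify(param, value):
    """'ok' or 'rejected: <reason>'; handy for request logging."""
    try:
        resolve_fragment(param, value)
        return "ok"
    except IncludeRejected as exc:
        return "rejected: %s" % exc
```

Logging the rejection reason per parameter gives a simple detection signal for probing of these include parameters.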