Date: Fri, 17 Sep 2010 14:42:52 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: [oCERT-2010-003] Free Simple CMS path sanitization errors

Please use CVE-2010-3307 for this.

Thanks.

-- 
    JB


----- "Andrea Barisani" <lcars@...rt.org> wrote:

> #2010-003 Free Simple CMS path sanitization errors
> 
> Description:
> 
> Free Simple CMS, an open source content management system, suffers from
> remote file inclusion vulnerabilities.
> 
> Insufficient path sanitization on several query string parameters leads to
> inclusion of arbitrary files from remote sources; this could be exploited to
> execute arbitrary commands or code.
> 
> The vulnerable URLs are similar to the one referenced in a previously
> disclosed file inclusion vulnerability affecting the same version of the
> software (see References). It has been discovered that 'body', 'footer',
> 'header', 'menu_left', 'menu_right' are also vulnerable to remote file
> inclusion.
> 
> Affected version:
> 
> Free Simple CMS <= 1.0
> 
> Fixed version:
> 
> Free Simple CMS, N/A
> 
> Credit: vulnerability report received from Evan Pitstick, SecureWorks.
> 
> CVE: N/A
> 
> Timeline:
> 
> 2010-08-20: vulnerability report received
> 2010-08-22: contacted freesimplecms maintainer
> 2010-08-24: maintainer replies, vulnerability report is provided
> 2010-09-13: due to lack of feedback oCERT asks reporter to disclose the
>             issue
> 2010-09-14: reporter agrees to disclosure
> 2010-09-17: oCERT advisory published
> 
> References:
> http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt
> http://secunia.com/advisories/41001
> http://osvdb.org/67329
> 
> Permalink:
> http://www.ocert.org/advisories/ocert-2010-003.html
> 
> -- 
> Andrea Barisani |                Founder & Project Coordinator
>           oCERT | Open Source Computer Emergency Response Team
> 
> <lcars@...rt.org>                         http://www.ocert.org
>  0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
>         "Pluralitas non est ponenda sine necessitate"
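The advisory does not show the affected code, so the following is an added example (not Free Simple CMS code and not part of the advisory) of how the five query parameters it names can be handled safely: each parameter selects a template through a fixed allow-list instead of being used as an include path, and the resolved file is checked to lie under the template directory. The template directory, file names and key names are assumptions.

```php
<?php
// Vulnerable pattern this example replaces (assumed shape, not the CMS's
// actual code): include($_GET['body']); with allow_url_include enabled, a
// URL or "../" value in the parameter is included directly.

// Assumed layout: templates live in ./templates next to this script.
const TEMPLATE_DIR = __DIR__ . '/templates';

// Allow-list keyed by the query parameters named in the advisory. A request
// value is only ever used to look up a key here; it never becomes a path.
const TEMPLATES = [
    'header'     => ['default' => 'header.php', 'plain' => 'header_plain.php'],
    'footer'     => ['default' => 'footer.php'],
    'body'       => ['default' => 'body.php', 'news' => 'body_news.php'],
    'menu_left'  => ['default' => 'menu_left.php'],
    'menu_right' => ['default' => 'menu_right.php'],
];

function template_path(string $slot, array $query): string
{
    $choices = TEMPLATES[$slot] ?? null;
    if ($choices === null) {
        throw new InvalidArgumentException("unknown template slot: $slot");
    }

    // Unknown or non-string values fall back to the default template; the
    // attacker-controlled string is neither included nor echoed back.
    $key = $query[$slot] ?? 'default';
    if (!is_string($key) || !array_key_exists($key, $choices)) {
        $key = 'default';
    }

    // Defence in depth: even an allow-listed file must resolve to a real
    // path under TEMPLATE_DIR, so a misconfigured entry cannot escape it.
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $choices[$key]);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("template for '$slot' is outside " . TEMPLATE_DIR);
    }
    return $path;
}

// Render the page in the order the slots appear in the layout.
foreach (['header', 'menu_left', 'body', 'menu_right', 'footer'] as $slot) {
    include template_path($slot, $_GET);
}
```

Independently of the code change, setting `allow_url_include = Off` (and, unless remote streams are needed, `allow_url_fopen = Off`) in php.ini stops include() from fetching remote sources at all, which limits this class of bug to local file inclusion even where sanitization is missed.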
