Re: [oCERT-2010-003] Free Simple CMS path sanitization errors

[Josh Bressers <bressers () redhat com>]

Please use CVE-2010-3307 for this.

Thanks.

-- 
    JB


----- "Andrea Barisani" <lcars () ocert org> wrote:

> #2010-003 Free Simple CMS path sanitization errors
>
> Description:
>
> Free Simple CMS, an open source content management system, suffers
> from
> remote file inclusion vulnerabilities.
>
> Insufficient path sanitization on several query string parameters
> leads to
> inclusion of arbitrary files from remote sources, this could be
> exploited to
> execute arbitrary command or code.
>
> The vulnerable URLs are similar to the one referenced in a previously
> disclosed file inclusion vulnerability affecting the same version of
> the
> software (see References). It has been discovered that 'body',
> 'footer',
> 'header', 'menu_left', 'menu_right' are also vulnerable to remote
> file
> inclusion.
>
> Affected version:
>
> Free Simple CMS <= 1.0
>
> Fixed version:
>
> Free Simple CMS, N/A
>
> Credit: vulnerability report received from Evan Pitstick,
> SecureWorks.
>
> CVE: N/A
>
> Timeline:
>
> 2010-08-20: vulnerability report received
> 2010-08-22: contacted freesimplecms maintainer
> 2010-08-24: maintainer replies, vulnerability report is provided
> 2010-09-13: due to lack of feedback oCERT asks reporter to disclose
> the
>             issue
> 2010-09-14: reporter agrees to disclosure
> 2010-09-17: oCERT advisory published
>
> References:
> http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt
> http://secunia.com/advisories/41001
> http://osvdb.org/67329
>
> Permalink:
> http://www.ocert.org/advisories/ocert-2010-003.html
>
> -- 
> Andrea Barisani |                Founder & Project Coordinator
>           oCERT | Open Source Computer Emergency Response Team
>
> <lcars () ocert org>                         http://www.ocert.org
>  0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
>         "Pluralitas non est ponenda sine necessitate"