oss-sec mailing list archives

Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5


From: cve-assign () mitre org
Date: Sat, 24 Aug 2013 10:46:33 -0400 (EDT)

http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
Code commit 2.5:
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8
Code commit 3.1:
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2

Issue also exists in 1.5 (end of life):
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626

Exploit in the wild:
https://github.com/rapid7/metasploit-framework/pull/2219
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/

Here, the CVE abstraction for the main issue seems clear, so we are
assigning:

  CVE-2013-5576 - incomplete validation of $format in media.php in
                  Joomla! 1.5.x (before a certain unofficial patch),
                  2.x before 2.5.14, and 3.x before 3.1.5

The above tracker_item_id=31626 reference has other statements about
1.5.x security that might (or might not) be assigned other CVEs later.
For example:

  Adddate: 2013-08-01 16:35:29
    There seems, though, to be at least one more problem with the
    "media.php" file: the "defined('_JEXEC') or die('Restricted access')"
    execution protection is missing.

  (The security relevance of this is disputed later in the same item.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

