oss-sec mailing list archives

CVE Request: Parameter Injection in jCryption 3.0

From: David Tomaschik <david () systemoverlord com>
Date: Wed, 18 Jun 2014 06:45:37 -0700

jCryption 3.0 suffers from a parameter injection vulnerability due to
passing an attacker-controlled string to PHP's proc_open function.  Though
the PHP code is not distributed as a library, it is presented as a
copy-and-paste server side implementation to match the jQuery module, and
sites that have done so, or have left the jcryption.php file on their
server, are vulnerable.  This vulnerability (at least) allows an attacker
to read arbitrary files, including the RSA private key used by jCryption.

jCryption 3.0.1 fixes the issue and is available at
http://www.jcryption.org/.  Details are in the advisory on my blog:
https://systemoverlord.com/blog/2014/06/18/parameter-injection-in-jcryption/

-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david () systemoverlord com

Current thread:

CVE Request: Parameter Injection in jCryption 3.0 David Tomaschik (Jun 18)
- Re: CVE Request: Parameter Injection in jCryption 3.0 cve-assign (Jun 18)