SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   SPIP Vendors:   spip.net
SPIP Input Validation Flaws Let Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1009438
SecurityTracker URL:  http://securitytracker.com/id/1009438
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 16 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.7
Description:   A vulnerability was reported in the SPIP forum software. A remote user can execute arbitrary PHP code and operating system commands on the target system.

The nature of the vulnerability was not disclosed.

Impact:   A remote user can execute arbitrary operating system commands with the privileges of the target web service.
Solution:   The vulnerability has reportedly been corrected in version 1.7, available at:

http://www.spip.net/

Vendor URL:  www.spip.net/ (Links to External Site)
Cause:   Input validation error, State error

Message History:   None.


 Source Message Contents

Subject:  critical bug in spip < 1.7


Hi,

I'm contacting your team to inform you that there is a bug in spip <
1.7. This might be a really important bug.

This bug allows any remote visitor to execute php code w/ the web
server's userid. Combinated to other bugs like the mremap() kernel one,
it might be used to get a root shell on remote hosts (if we accept the
possibility that people who has not yet upgraded to the last spip
version has not upgraded their kernel since a while. -is that english ?
lol-).

So we have to make this bug public with its security fix. I've heard
about that problem had been ignored in the past, so if this bug still
remains hidden, I'll make it publicly available really quickly.

Please Cc: me if you answer this mail.
Thanks in advance.

-- 
Baptiste SIMON
     aka BeTa
A la recherche d'emploi
http://www.e-glop.net/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC