Secunia Security Advisory - A vulnerability has been discovered in eFront, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.
3d094ed3c37c285d504c9db5696a58dfd06bf62cd40f873636e3f3f7f55fbc17
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
eFront "langname" Local File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA38973
VERIFY ADVISORY:
http://secunia.com/advisories/38973/
DESCRIPTION:
A vulnerability has been discovered in eFront, which can be exploited
by malicious users to compromise a vulnerable system and by malicious
people to disclose sensitive information.
Input passed to the "langname" parameter in
www/editor/tiny_mce/langs/language.php is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal
sequences and URL-encoded NULL bytes.
Successful exploitation with arbitrary file extensions requires that
"magic_quotes_gpc" is disabled.
NOTE: This can further be exploited to execute arbitrary PHP code by
uploading and including files containing PHP code via the "New
Message" functionality in the "Personal Messages" section.
The vulnerability is confirmed in version 3.5.5. Other versions may
also be affected.
SOLUTION:
Update to version 3.6 or apply the patch.
https://sourceforge.net/projects/efrontlearning/files/efront_3.5.x_editor_security_patch.zip/download
PROVIDED AND/OR DISCOVERED BY:
Core Security Technologies credits 7safe's Penetration Testing Team.
ORIGINAL ADVISORY:
eFront:
http://forum.efrontlearning.net/viewtopic.php?f=15&t=1945
http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html
Core Security Technologies:
http://www.coresecurity.com/content/efront-php-file-inclusion
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------