Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22121
HistoryJul 03, 2009 - 12:00 a.m.

[oCERT-2009-007] FCKeditor input sanitization errors

2009-07-0300:00:00
vulners.com
79
JSON

#2009-007 FCKeditor input sanitization errors

Description:

FCKeditor, a web based open source HTML text editor, suffers from a remote
file upload vulnerability.

The input of several connector modules is not properly verified before being
used, this leads to exposure of the contents of arbitrary directories on the
server filesystem and allows file uploading to arbitrary locations. The
affected code is remotely exposed before authentication. An attacker can
exploit this vulnerability to install remote shells on the victim server
among other things, it should be noted that this vulnerability is being
actively exploited in the wild.

Additionally several XSS vulnerabilities are present in the packaged samples
directory.

A patch and a new FCKeditor version will be made available on Monday July 6th
16:00 CET, this advisory will be updated with detailed information about the
issue and a security patch.

In the meantime we strongly recommend to implement the following
mitigation instructions:

  • removed unused connectors from 'editor\filemanager\connectors'

  • disable the file browser in config.ext

  • inspect all fckeditor folders on the server for suspicious files that
    may have been previously uploaded, as an example image directories
    (eg. 'fckeditor/editor/images/…') are well known target locations
    for remote php shells with extensions that match image files

  • completely remove the '_samples' directory

Affected version:

FCKeditor <= 2.6.4

(version 3.0 is unaffected as it does not have any built-in file browser)

Fixed version:

FCKeditor >= 2.6.4.1 (to be released on 2009-07-06 16:00 CET)

Credit: vulnerability report received from Vinny Guido <bigvin [at]
hushmail [dot] com>.

CVE: CVE-2009-2265

Timeline:

2009-05-03: vulnerability reported received
2009-05-04: contacted fckeditor maintainer
2009-05-25: maintainer denies reported issues against latest version
2009-05-25: reporter confirms that latest version is affected
2009-06-21: maintainer forwards report to project security maintainer
2009-06-23: security maintainer confirms CurrentFolder vulnerability
2009-06-24: security maintainer provides patch
2009-06-29: assigned CVE
2009-07-03: preliminary advisory release with mitigation instructions due to
wide exposure of the issue

Permalink:
http://www.ocert.org/advisories/ocert-2009-007.html


Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team

<[email protected]> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"

Related

debian 3
fedora 5
zdt 1
nessus 6
packetstorm 2
openvas 12
securityvulns 2
canvas 1
debiancve 1
prion 1
ubuntucve 1
cve 1
exploitdb 1
seebug 1
checkpoint_advisories 1
debian
debian
[Backports-security-announce] Security Update for egroupware
2009-08-04 18:52:05
[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution
2009-07-16 17:55:39
[Backports-security-announce] Security Update for egroupware
2009-08-04 18:10:26
fedora
fedora
[SECURITY] Fedora 11 Update: moin-1.8.7-1.fc11
2010-02-20 00:15:56
[SECURITY] Fedora 11 Update: moin-1.8.4-2.fc11
2009-07-19 10:36:56
[SECURITY] Fedora 11 Update: moin-1.8.8-1.fc11
2010-06-14 17:22:06
zdt
zdt
Adobe ColdFusion 8 - Remote Command Execution Exploit
2021-06-25 00:00:00
nessus
nessus
Fedora 10 : moin-1.6.4-3.fc10 (2009-7761)
2009-07-20 00:00:00
Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload
2009-07-14 00:00:00
Debian DSA-1836-1 : fckeditor - missing input sanitising
2010-02-24 00:00:00
packetstorm
packetstorm
Adobe ColdFusion 8 Remote Command Execution
2021-06-24 00:00:00
ColdFusion 8.0.1 Arbitrary File Upload And Execute
2010-11-03 00:00:00
openvas
openvas
Fedora Update for moin FEDORA-2010-1743
2010-03-02 00:00:00
Fedora Core 11 FEDORA-2009-7794 (moin)
2009-07-29 00:00:00
Fedora Core 11 FEDORA-2009-7794 (moin)
2009-07-29 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution
2009-07-18 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-07-03 00:00:00
canvas
canvas
Immunity Canvas: FCKEDITOR
2009-07-05 16:30:00
debiancve
debiancve
CVE-2009-2265
2009-07-05 16:30:00
prion
prion
Directory traversal
2009-07-05 16:30:00
ubuntucve
ubuntucve
CVE-2009-2265
2009-07-05 00:00:00
cve
cve
CVE-2009-2265
2009-07-05 16:30:00
exploitdb
exploitdb
Adobe ColdFusion 8 - Remote Command Execution (RCE)
2021-06-24 00:00:00
seebug
seebug
FCKeditor connectors模块多个跨站脚本及目录遍历漏洞
2009-07-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion FCKeditor Input Validation Flaw Arbitrary File Upload (CVE-2008-6178; CVE-2009-2265)
2014-11-17 00:00:00
JSON
Related for SECURITYVULNS:DOC:22121
debian3fedora5zdt1nessus6packetstorm2openvas12securityvulns2canvas1debiancve1prion1ubuntucve1cve1exploitdb1seebug1checkpoint_advisories1