Important security issue 1.4.4

Started by thejake420, March 27, 2006, 10:43:38 AM

thejake420

Couldn't post to the appropriate forum, and couldn't find the tracker...?

I'm updated to 1.4.4 (actually 1.4.3, with the manual edits as instructed since I wanted to patch the issue before the 1.4.4 version was released.)

I don't want to post the contents of the "bad" file for obvious reasons, but a user was able to upload a file that granted them access to my server. I fixed the issue manually, but it's a potentially nasty one that appears to be able to give the user direct and basically unrestricted access to my server.

Uploaded file: image.php.rar (which I obviously deleted)

Checked my server just in case, and it's a good thing because I found .index.php in the userpics (note the dot before the filename).

Admin - Please contact me directly for a copy of the offending PHP file so that you can decide how best to deal with this.


My email is: thejake420
-------------------------------------
at the domain: dvdhelp.us


Jake

Nibbler

Please search the board for previous discussions on this issue.

thejake420

Quote from: Nibbler on March 27, 2006, 01:45:06 PM
Please search the board for previous discussions on this issue.

I did, and received 0 results for .index.php or image.php.rar (the offending files), keywords which I would imagine would be included in a discussion of an issue relating to these files. Do you have a link please?

I had already applied the hotfix, but was obviously still NOT safe from the vulnerability, hence the reason I saw fit to report it here, as there is clearly another way for this vulnerability to be exploited.


Jake


thejake420

Thank you. That was extremely helpful. (I did try searching... a lot. I just didn't find the threads above.)

Be aware that the hotfix did not completely dodge the vulnerability. (I have, of course, updated to 1.4.4 and added the appropriate .htaccess file, as well as sent a message explaining this server vulnerability to my host.)


Jake

Joachim Müller

Updating to cpg1.4.4 doesn't fix this issue, nor does putting a .htaccess file. To fix this, do as suggested on the threads I referred to and disallow the upload of .rar files in coppermine's config.
As suggested, this is not a coppermine issue, but a webserver vulnerability - fiddling with coppermine only cures the symptoms, but not the cause.
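
One way to audit an upload directory for the two kinds of file name reported in this thread (a script extension that is not the last extension, as in image.php.rar, and a hidden dotfile, as in .index.php). This is an added example, not part of the original thread or of Coppermine's code; the extension list, the dotfile allowlist and the sample directory are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions this server may pass to the PHP interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml"}
# Assumption: dotfiles the administrator placed deliberately.
EXPECTED_DOTFILES = {".htaccess"}


def findings(filename):
    """Return the reasons an uploaded file name deserves review."""
    name = os.path.basename(filename).lower()
    # Every dot-separated segment after the first counts as an extension.
    exts = [p for p in name.split(".")[1:] if p]
    reasons = []
    if exts and exts[-1] in SCRIPT_EXTS:
        reasons.append("script extension")
    elif any(e in SCRIPT_EXTS for e in exts):
        # e.g. image.php.rar: the script extension is not the last one
        reasons.append("script extension before final extension")
    if name.startswith(".") and name not in EXPECTED_DOTFILES:
        reasons.append("hidden dotfile")
    return reasons


def scan(root):
    """Walk an upload tree and return {relative_path: reasons} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            r = findings(f)
            if r:
                hits[os.path.relpath(os.path.join(dirpath, f), root)] = r
    return hits


def demo():
    """Run the scan over a constructed directory (sample names only)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "userpics"))
        for n in ("holiday.jpg", "image.php.rar", ".index.php", ".htaccess"):
            open(os.path.join(root, "userpics", n), "w").close()
        return scan(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

A hit is a prompt for manual review, not proof of compromise; point `scan()` at the gallery's real upload directory to use it.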