[bug] Remote include file ....

tuxsoul · March 09, 2007, 07:32:39 PM

Hi, i see in securityfocus a new report of bug, can developer's check please

http://www.securityfocus.com/archive/1/462322/30/0/threaded

Joachim Müller · March 09, 2007, 08:27:27 PM

Valid report, moving to bugs section. Needs looking into, please stay tuned for the fix.

Nibbler · March 09, 2007, 09:10:38 PM

There are no vulnerabilities here, seems to be the result of an automated code scanner.

Joachim Müller · March 10, 2007, 12:35:17 PM

Imo there are vulnerabilities on certain, unsecure server-setups, with the vars in the URL not being defined within the script under all circumstances. Best practise is to define all vars used, particularly those that are being used as a path or the ones sent to the shell using exec.
The fixes for the vulnerabilities are easy: just add

Code Select

$cmd = '';and similar to the top of the pages that are being mentioned.
Imo this should be fixed, and yes, they even justify a maintenance release imo.

Nibbler · March 10, 2007, 01:26:21 PM

Well that is what they scanned for, but I didn't find any cases which were actually exploitable. They were contained within functions so no injected variables would be in scope. I agree they should be fixed but I don't think it warrants a release unless the flaws can actually be abused. Maybe I missed something.

Joachim Müller · March 11, 2007, 11:06:57 AM

Yes, they reside within functions, you're right.

coppermine-gallery.com/forum

News:

[bug] Remote include file ....

tuxsoul

Joachim Müller

Nibbler

Joachim Müller

Nibbler

Joachim Müller