lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Jan 2011 17:10:57 +0100
From: Daniel Niggebrugge <Niggebrugge@...-it.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: DotNetNuke Remote Code Execution vulnerability

=======================================
Vulnerability discovered: November 23, 2010
Discovered by: Daniƫl Niggebrugge, Fox-IT BV (https://www.fox-it.com/)
Reported to vendor: November 30, 2010
Fix available: Yes
=======================================

PRODUCT
-------------
DotNetNuke is an open source Content Management System (CMS) based on Microsoft ASP.NET. DotNetNuke powers over 600,000 production web sites worldwide. More information can be found at:
http://www.dotnetnuke.com/Intro/AtAGlance/tabid/1579/Default.aspx

VULNERABILITY
-------------
An anonymous attacker can upload ASPX files, access these files and is then able to execute arbitrary commands on the web server. This leads to full compromise of the DotNetNuke environment and possibly compromise of other web applications and/or information on the web server.

Fox-IT verified DotNetNuke version 05.06.00 (459) to be vulnerable to this issue.

FIX
-------------
This issue has been fixed in DotNetNuke version 05.06.01. Fox-IT advises to test and deploy this new version as soon as possible.

DETAILS
-------------
The vulnerability is caused by several web pages of DotNetNuke that insufficiently enforce authorization checks. Depending on the function of the vulnerable web page, several issues might arise. The most severe issue makes it possible to upload executable files without proper authorizations and execute arbitrary commands on the web server.

REFERENCES
-------------
Original report:
http://www.fox-it.com/en/news-and-events/news/recent-news/news-article/dotnetnuke-remote-code-execution-vulnerability-discovered-by-fox-it/174

DotNetNuke security bulletin:
http://www.dotnetnuke.com/securitybulletinno46/tabid/2113/Default.aspx

Powered by blists - more mailing lists