lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201502051029.t15ATvZr014711@sf01web1.securityfocus.com>
Date: Thu, 5 Feb 2015 10:29:57 GMT
From: borg@...vernet.se
To: bugtraq@...urityfocus.com
Subject: CVE-2015-1172 Wordpress-theme remote arbitrary code

Product: holding_pattern
Vendor: Liftux
Vulnerable Version(s): 0.6 and prior
Tested Version: 0.6
Advisory Publication: January 18, 2015
Vendor Notification: January 14, 2015
Public Disclosure: January 18, 2015
Vulnerability Type: Exec Code
Authentication: Not required to exploit
CVE Reference: CVE-2015-1172
Risk Level: Medium
CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Solution Status: Solution Unavailable, Product EOL
Discovered and Provided: Alexander Borg ( http://www.servernet.se )

-----------------------------------------------------------------------------------------------

Advisory Details:

The holding_pattern Wordpress-theme is prone to a vulnerability that allows attackers to upload arbitrary files. The application uses limited validation which means unauthorized upload is allowed.

An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation.

-----------------------------------------------------------------------------------------------

Solution:

Disclosure timeline:
2015-01-14 Vendor Alerted via email.
2015-01-14 Fix Requested via email.
2015-01-14 Vendor made clear no patch will be available.
2015-01-18 Public disclosure.

Currently we are not aware of any official solution for this vulnerability. Product is EOL and no security fixes will be made available.
Temporary solution may be to remove the file admin/upload-file.php

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ