Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2009-2265 to a friend New vulnerability? New tool? Tell us	CVE-2009-2265 FCKeditor Input Sanitization Errors     Credit: The information has been provided by Andrea Barisani. The original article can be found at: http://www.ocert.org/advisories/ocert-2009-007.html Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2009-2265 Details Check for CVE-2009-2265 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * FCKeditor version 2.6.4 and prior Immune Systems:  * FCKeditor version 2.6.4.1  * FCKeditor version 3.0 The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Additionally several XSS vulnerabilities are present in the packaged samples directory. A patch and a new FCKeditor version will be made available on Monday July 6th 16:00 CET, this advisory will be updated with detailed information about the issue and a security patch. In the meantime we strongly recommend to implement the following mitigation instructions: * removed unused connectors from 'editor\filemanager\connectors' * disable the file browser in config.ext * inspect all fckeditor folders on the server for suspicious files that may have been previously uploaded, as an example image directories (eg. 'fckeditor/editor/images/...') are well known target locations for remote php shells with extensions that match image files * completely remove the '_samples' directory CVE Information: CVE-2009-2265 Disclosure Timeline: 2009-05-03: vulnerability reported received 2009-05-04: contacted fckeditor maintainer 2009-05-25: maintainer denies reported issues against latest version 2009-05-25: reporter confirms that latest version is affected 2009-06-21: maintainer forwards report to project security maintainer 2009-06-23: security maintainer confirms CurrentFolder vulnerability 2009-06-24: security maintainer provides patch 2009-06-29: assigned CVE 2009-07-03: preliminary advisory release with mitigation instructions due to wide exposure of the issue  Comments on CVE-2009-2265:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®