|
|
AA-2009.0128 -- [Win][UNIX/Linux] -- DotNetNuke: Execute Arbitrary Code |
|
Date: 27 May 2009 Original URL: http://www.auscert.org.au/render.html?cid=33&it=11053 Click here for PGP verifiable version -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2009.0128 AUSCERT Advisory
[Win][UNIX/Linux]
DotNetNuke: Execute Arbitrary Code
27 May 2009
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: DotNetNuke
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Execute Arbitrary Code/Commands
Inappropriate Access
Access: Remote/Unauthenticated
Member content until: Wednesday, June 24 2009
OVERVIEW:
Two security vulnerabilities have been corrected in DotNetNuke.
IMPACT:
The vendor has provided the following information regarding these
vulnerabilities:
"Whilst installing DotNetNuke if an error occurs, as the custom error
handling system may not be in place a redirect is performed to an
error handling page. The error handling page optionally reads back a
querystring parameter that may contain additional error information.
Whilst this parameter is typically encoded, an invalid tag could be
used to bypass the filter, potentially to unencoded content being
echoed to the screen and could allow for script or html injection
issues." [1]
"DotNetNuke has a custom errorpage for handling displaying information
to users. The errorpage contains details of the current running
version. This information could be useful to hackers attempting to
profile an application." [2]
MITIGATION:
This vulnerability has been corrected in DotNetNuke 4.9.4.
REFERENCES:
[1] HTML/Script Code Injection Vulnerability
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno27/tabid/1276/Default.aspx
[2] Errorpage information leakage
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno26/tabid/1275/Default.aspx
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKHLMDNVH5XJJInbgRAvzEAJsFrcAwTvGfj2OgwcVruEIIVKhBMwCfdNAd
NSyOHpkc9BC1zzMsz6+HkQ8=
=T2vn
-----END PGP SIGNATURE-----
|