CVE-2002-1841
CVSS 5.0
Published: 2002-12-31 00:00:00
Last revised: 2016-10-17 22:27:36

[Original] The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.


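[CNNVD] Noguska Nola Remote File Inclusion Vulnerability (CNNVD-200212-789)

        The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded; remote attackers can upload and execute arbitrary PHP files with extensions such as .php4.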

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:noguska:nola:1.1.2
cpe:/a:noguska:nola:1.1.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1841
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1841
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-789
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=vuln-dev&m=102511114021370&w=2
(UNKNOWN)  VULN-DEV  20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]
http://marc.info/?l=vuln-dev&m=102520790718208&w=2
(UNKNOWN)  VULN-DEV  20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]
http://www.iss.net/security_center/static/9438.php
(UNKNOWN)  XF  nola-php-script-upload(9438)
http://www.securityfocus.com/bid/5116
(PATCH)  BID  5116

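- Vulnerability Information

Noguska Nola Remote File Inclusion Vulnerability
Medium severity  Configuration error
2002-12-31 00:00:00 2005-10-20 00:00:00
Remote
        The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded; remote attackers can upload and execute arbitrary PHP files with extensions such as .php4.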

- Advisories and Patches

        Reportedly, exploitation of this type of vulnerability is not possible unless both 'allow_url_fopen' and 'register_globals' are enabled in the local site PHP configuration.
        It is good practice to disable any unneeded options.
        The following patch was produced by Ryan Fox to circumvent this vulnerability by defining disallowed file extensions:
        diff -r nola/docmgmtadd.php nola.orig/docmgmtadd.php
        120,130d119
        < $nondisallowedfile=1;
        < foreach($disallowedfileext as $this) {
        < if ($substr_count($file_name, $this)) {
        < $nondisallowedfile=0;
        < break;
        < };
        < };
        <
        < // illegal file type!
        < if ($nondisallowedfile != 1) die(texterror('This file type is not supported.'));
        <
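Review bot: In `if ($substr_count($file_name, $this))` the leading `$` turns the call into a variable function: PHP calls whatever function name the variable `$substr_count` holds, and nothing in this patch defines that variable, so the check does not run the built-in. Call `substr_count($file_name, ...)` directly, without the `$`.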
        diff -r nola/includes/defines.php nola.orig/includes/defines.php
        301,303d300
        < //disallowed file extentions
        < $disallowedfileext=array('.php','.phps','.php3');
        <
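Review bot: `$disallowedfileext=array('.php','.phps','.php3')` is a deny list of three lowercase strings, so any other name the web server hands to PHP, including an upper-case or mixed-case spelling of these, passes the check. An allow list of the document and image extensions the application actually needs would be safer than enumerating bad ones; the comment also misspells "extensions".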
        diff -r nola/invitemadd1.php nola.orig/invitemadd1.php
        21,31d20
        < $nondisallowedfile=1;
        < foreach($disallowedfileext as $this) {
        < if ($substr_count($graphic_name, $this)) {
        < $nondisallowedfile=0;
        < break;
        < };
        < };
        <
        < // illegal file type!
        < if ($nondisallowedfile != 1) die(texterror('This file type is not supported.'));
        <
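Review bot: `foreach($disallowedfileext as $this)` uses `$this` as the loop variable. `$this` is PHP's object self-reference, and later PHP versions refuse to assign to it, so use an ordinary name such as `$ext` here and in the other copies of this block.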
        45,55d33
        < $nondisallowedfile=1;
        < foreach($disallowedfileext as $this) {
        < if ($substr_count($catalogsheet_name, $this)) {
        < $nondisallowedfile=0;
        < break;
        < };
        < };
        <
        < // illegal file type!
        < if ($nondisallowedfile != 1) die(texterror('This file type is not supported.'));
        <
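Review bot: This block for `$catalogsheet_name` is the second copy of the same eleven lines in invitemadd1.php, and the patch pastes the block six times in total, differing only in the variable tested. Move the loop into one helper function next to `$disallowedfileext` in includes/defines.php that takes the file name as its argument, so a later fix to the check lands in one place.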
        diff -r nola/invitemupd.php nola.orig/invitemupd.php
        27,37d26
        < $nondisallowedfile=1;
        < foreach($disallowedfileext as $this) {
        < if ($substr_count($graphic_name, $this)) {
        < $nondisallowedfile=0;
        < break;
        < };
        < };
        <
        < // illegal file type!
        < if ($nondisallowedfile != 1) die(texterror('This file type is not supported.'));
        <
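Review bot: The check fails open: `$nondisallowedfile=1` marks the upload as acceptable before anything is tested and only a match flips it to 0, so if `$disallowedfileext` is unset or empty on this page the `foreach` finds nothing and the upload is accepted. Start from the rejected state and accept only after a positive match, or at least verify that the list is a non-empty array before the loop.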
        51,61d39
        < $nondisallowedfile=1;
        < foreach($disallowedfileext as $this) {
        < if ($substr_count($catalogsheet_name, $this)) {
        < $nondisallowedfile=0;
        < break;
        < };
        < };
        <
        < // illegal file type!
        < if ($nondisallowedfile != 1) die(texterror('This file type is not supported.'));
        <
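Review bot: `substr_count($catalogsheet_name, ...)` as intended here looks for the string anywhere in the client-supplied name and is case-sensitive, so it tests neither the real final extension nor its upper-case forms. Lowercase the name and compare the part after the last dot, and store the file under a server-chosen name rather than the submitted one.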
        171c149
        <
        ---
        >
        \ No newline at end of file
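Review bot: The `171c149` hunk only changes trailing whitespace and the end-of-file newline in invitemupd.php and is unrelated to the upload check, so drop it from the patch. Note also that every other hunk is a `d` hunk with `<` lines, meaning the diff runs from the patched tree (nola) to nola.orig; regenerate it in the other direction or state that it must be applied reversed.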
        ---
        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability Information

59851
NOLA Document Management Module Unrestricted File Upload Arbitrary PHP Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity Third-Party Solution
Uncoordinated Disclosure

- Vulnerability Description

NOLA contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the document management module script not properly sanitizing user input supplied to the file upload parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

- Timeline

2002-06-25 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Ryan Fox has released an unofficial patch to address this vulnerability. As with all third-party solutions, ensure they come from a reliable source and are permitted under your company's security policy.

- Related References

- Vulnerability Author

 

 
