CVE-2006-0921
CVSS 6.4
Published: 2006-02-28 06:02:00
Revised: 2008-09-05 17:00:34

[Original text] Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.


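[CNNVD] RunCMS 'connector.php' Multiple Directory Traversal Vulnerabilities (CNNVD-200602-442)

        Multiple directory traversal vulnerabilities exist in connector.php in FCKeditor 2.0 FC. When used in products such as RunCMS, they allow remote attackers to list and create arbitrary directories via a CurrentFolder parameter containing .. passed to (1) GetFoldersAndFiles and (2) CreateFolder.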

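- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]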

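- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definitions found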

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0921
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0921
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-442
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/archive/1/425937/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060223 NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC
http://www.nsag.ru/vuln/952.html
(UNKNOWN)  MISC  http://www.nsag.ru/vuln/952.html
http://xforce.iss.net/xforce/xfdb/24878
(UNKNOWN)  XF  fckeditor-connector-obtain-information(24878)
http://www.securityfocus.com/archive/1/archive/1/434559/30/4890/threaded
(UNKNOWN)  BUGTRAQ  20060519 Re: NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC
http://securityreason.com/securityalert/484
(UNKNOWN)  SREASON  484

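- Vulnerability information

RunCMS 'connector.php' Multiple Directory Traversal Vulnerabilities
Medium risk  Path traversal
2006-02-28 00:00:00 2006-02-28 00:00:00
Remote
        Multiple directory traversal vulnerabilities exist in connector.php in FCKeditor 2.0 FC. When used in products such as RunCMS, they allow remote attackers to list and create arbitrary directories via a CurrentFolder parameter containing .. passed to (1) GetFoldersAndFiles and (2) CreateFolder.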

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        FCKeditor FCKeditor 2.2
        FCKeditor FCKeditor_2.3b.tar.gz
        http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz
        RunCMS RunCMS 1.3.a2
        RunCMS FIX1002206-2
        http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242
        RunCMS RunCMS 1.1 A
        RunCMS FIX1002206-2
        http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242
        RunCMS RunCMS 1.1
        RunCMS FIX1002206-2
        http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242
        RunCMS RunCMS 1.2
        RunCMS FIX1002206-2
        http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242
        FCKeditor FCKeditor 2.0 RC2
        FCKeditor FCKeditor_2.3b.tar.gz
        http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz
        FCKeditor FCKeditor 2.0 rc3
        FCKeditor FCKeditor_2.3b.tar.gz
        http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz

- Vulnerability information

23573
FCKeditor connector.php CurrentFolder Traversal Arbitrary File/Directory Manipulation
Remote / Network Access Input Manipulation
Vendor Verified

- Vulnerability description

- Timeline

2006-02-23 Unknown
2006-02-23 Unknown

- Solution

Upgrade to version 2.3 Beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

RunCMS Remote Code Execution Vulnerability
Access Validation Error 16578
Yes No
2006-02-10 12:00:00 2006-05-23 06:03:00
Discovered by <rgod@autistici.org>.

- Affected software versions

RunCMS RunCMS 1.2
RunCMS RunCMS 1.1 A
RunCMS RunCMS 1.1
RunCMS RunCMS 1.3.a2
FCKeditor FCKeditor 2.0 rc3
FCKeditor FCKeditor 2.0 RC2
FCKeditor FCKeditor 2.2
FCKeditor FCKeditor 2.3 beta

- Unaffected software versions

FCKeditor FCKeditor 2.3 beta

- Vulnerability discussion

RunCMS is prone to a remote code-execution vulnerability. This issue exists because the application allows remote users to upload files and call a connector script to execute the files.

This issue affects RunCMS version 1.3a2 and earlier.

- Exploit

The following proofs of concept are available:

http://www.securityfocus.com/data/vulnerabilities/exploits/runcms_13a_xpl.php

http://www.securityfocus.com/data/vulnerabilities/exploits/fckeditor_22_xpl.php

- Solution

Fixes are available.


FCKeditor FCKeditor 2.2

RunCMS RunCMS 1.3.a2

RunCMS RunCMS 1.1 A

RunCMS RunCMS 1.1

RunCMS RunCMS 1.2

FCKeditor FCKeditor 2.0 RC2

FCKeditor FCKeditor 2.0 rc3

- Related references

 

 
