CVE-2006-1711
CVSS5.0
Published: 2006-04-11 14:06:00
Revised: 2011-03-07 21:33:38
NMCOS    

[Original] Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.


[CNNVD] Plone MembershipTool Access Control Bypass Vulnerability (CNNVD-200604-148)

        Plone 2.0.5, 2.1.2 and 2.5-beta1 do not restrict access to the methods (1) changeMemberPortrait, (2) deletePersonalPortrait and (3) testCurrentPassword, which allows remote attackers to modify member portraits.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [no authentication required to exploit]

- CPE (affected platforms and products)

cpe:/a:plone:plone:2.5_beta1
cpe:/a:plone:plone:2.1.2 Plone 2.1.2
cpe:/a:plone:plone:2.0.5 Plone 2.0.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1711
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1711
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-148
(official data source) CNNVD

- Other links and resources

https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt
(UNKNOWN)  CONFIRM  https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt
http://www.vupen.com/english/advisories/2006/1340
(UNKNOWN)  VUPEN  ADV-2006-1340
http://dev.plone.org/plone/ticket/5432
(UNKNOWN)  MISC  http://dev.plone.org/plone/ticket/5432
http://xforce.iss.net/xforce/xfdb/25781
(UNKNOWN)  XF  plone-memberid-data-manipulation(25781)
http://www.securityfocus.com/bid/17484
(UNKNOWN)  BID  17484
http://www.debian.org/security/2006/dsa-1032
(UNKNOWN)  DEBIAN  DSA-1032
http://secunia.com/advisories/19640
(UNKNOWN)  SECUNIA  19640
http://secunia.com/advisories/19633
(UNKNOWN)  SECUNIA  19633

- Vulnerability information

Plone MembershipTool Access Control Bypass Vulnerability
Medium severity  Access validation error
2006-04-11 00:00:00 2006-04-12 00:00:00
Remote
        Plone 2.0.5, 2.1.2 and 2.5-beta1 do not restrict access to the methods (1) changeMemberPortrait, (2) deletePersonalPortrait and (3) testCurrentPassword, which allows remote attackers to modify member portraits.

- Advisories and patches

        The vendor has released a hotfix for this security issue. Patch download links:
        Plone Plone 2.5-beta1
        Plone PloneHotfix20060410.tar.gz
        http://plone.org/products/plonehotfix20060410/releases/1.0/PloneHotfix20060410.tar.gz
        Plone Plone 2.0.5
        Plone PloneHotfix20060410.tar.gz
        http://plone.org/products/plonehotfix20060410/releases/1.0/PloneHotfix20060410.tar.gz
        Plone Plone 2.1.2
        Plone PloneHotfix20060410.tar.gz
        http://plone.org/products/plonehotfix20060410/releases/1.0/PloneHotfix20060410.tar.gz

- Vulnerability information

24582
Plone Multiple Method member_id Parameter Portrait Manipulation
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-04-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Plone MembershipTool Access Control Bypass Vulnerability
Access Validation Error 17484
Yes No
2006-04-12 12:00:00 2006-04-12 11:22:00
mj reported this issue to the vendor.

- Affected program versions

Plone Plone 2.1.2
Plone Plone 2.0.5
Plone Plone 2.0.4
Plone Plone 2.5-beta1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Vulnerability discussion

Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods.

This issue allows remote, anonymous attackers to modify and delete portrait images of members. This may help attackers exploit latent vulnerabilities in image-rendering software. Other attacks may also be possible.

- Exploit

Attackers may use standard web client applications to exploit this issue.

The following 'curl' command demonstrates replacing a portrait image with attacker-specified content:

curl -F portrait=<path_to_file> --form-string member_id=[username] http://www.example.com/portal_membership/changeMemberPortrait

- Solution

The vendor has released a hotfix to address this issue.

Please see the referenced vendor advisories for further information on obtaining and applying fixes.


Plone Plone 2.5-beta1

Plone Plone 2.0.5

Plone Plone 2.1.2

- References