CVE-2006-2330
CVSS6.4
发布时间 :2006-05-11 20:02:00
修订时间 :2011-03-07 21:35:58
NMCO    

[原文]PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.


[CNNVD]PHP-Fusion 多个本地文件包含漏洞(CNNVD-200605-199)

        PHP-Fusion 6.00.306及之前版本在Apache HTTP Server 1.3.27 和PHP 4.3.3下运行时,可以使远程认证用户使用一个包含两个或更多扩展名,以诸如 .gif等假装验证的扩展名结尾的文件名,上传任意类型的文件,比如上传然后再执行以".php.gif" 结尾并包含EXIF元数据中的PHP代码的头像文件。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:php_fusion:php_fusion:6.00.303
cpe:/a:php_fusion:php_fusion:6.00.306
cpe:/a:php_fusion:php_fusion:6.00.106
cpe:/a:php_fusion:php_fusion:6.00.110
cpe:/a:php_fusion:php_fusion:6.00.109
cpe:/a:php_fusion:php_fusion:6.00.304
cpe:/a:php_fusion:php_fusion:6.00.206
cpe:/a:php_fusion:php_fusion:6.00.105
cpe:/a:php_fusion:php_fusion:6.00.3
cpe:/a:php_fusion:php_fusion:6.00.204
cpe:/a:php_fusion:php_fusion:6.00.107

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2330
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2330
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-199
(官方数据源) CNNVD

- 其它链接及资源

http://www.php-fusion.co.uk/news.php
(PATCH)  CONFIRM  http://www.php-fusion.co.uk/news.php
http://secunia.com/advisories/19992
(VENDOR_ADVISORY)  SECUNIA  19992
http://www.vupen.com/english/advisories/2006/1735
(UNKNOWN)  VUPEN  ADV-2006-1735
http://www.securityfocus.com/bid/17898
(UNKNOWN)  BID  17898
http://www.securityfocus.com/archive/1/archive/1/433277/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities
http://xforce.iss.net/xforce/xfdb/26388
(UNKNOWN)  XF  phpfusion-avatar-extensions-code-execution(26388)
http://www.osvdb.org/25537
(UNKNOWN)  OSVDB  25537
http://securityreason.com/securityalert/873
(UNKNOWN)  SREASON  873

- 漏洞信息

PHP-Fusion 多个本地文件包含漏洞
中危 输入验证
2006-05-11 00:00:00 2006-05-12 00:00:00
远程  
        PHP-Fusion 6.00.306及之前版本在Apache HTTP Server 1.3.27 和PHP 4.3.3下运行时,可以使远程认证用户使用一个包含两个或更多扩展名,以诸如 .gif等假装验证的扩展名结尾的文件名,上传任意类型的文件,比如上传然后再执行以".php.gif" 结尾并包含EXIF元数据中的PHP代码的头像文件。

- 公告与补丁

        目前我们尚未获得厂商就此问题提供补丁的信息。如果您发现我们有失误或者了解更新的信息,请给我们发邮件: vuldb@securityfocus.com。

- 漏洞信息

25537
PHP-Fusion File Upload Restriction Bypass
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

PHP-Fusion contains a flaw that may allow a malicious user to upload avatar images with multiple file extensions. It is possible that the flaw may allow to execute arbitrary PHP code if used, for example, in conjunction with apache mod_mime module.

- 时间线

2006-05-08 Unknow
2006-05-08 Unknow

- 解决方案

Upgrade to version 6.00.307 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站