[Full-disclosure] UPDATE: [ GLSA 200503-35 ] Smarty: Template vulnerability

From: Thierry Carrez (koon_at_gentoo.org)
Date: 04/10/05

  • Next message: CorryL: "[Full-disclosure] TowerBlog <= 0.6 Admin Account View [x0n3-h4ck]"
    Date: Sun, 10 Apr 2005 18:33:10 +0200
    To: gentoo-announce@lists.gentoo.org
    
    
    
    

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory [UPDATE] GLSA 200503-35:02
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: High
         Title: Smarty: Template vulnerability
          Date: March 30, 2005
       Updated: April 09, 2005
          Bugs: #86488
            ID: 200503-35:02

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Update
    ======

    New ways of bypassing Smarty's "Template security" were found and
    fixed in Smarty. Users making use of that feature are encouraged
    to upgrade to version 2.6.9.

    The updated sections appear below.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package / Vulnerable / Unaffected
        -------------------------------------------------------------------
      1 dev-php/smarty < 2.6.9 >= 2.6.9

    Description
    ===========

    A vulnerability has been discovered within the regex_replace modifier
    of the Smarty templates when allowing access to untrusted users.
    Furthermore, it was possible to call functions from {if} statements and
    {math} functions.

    Resolution
    ==========

    All Smarty users should upgrade to the latest version:

        # emerge --sync
        # emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.9"

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200503-35.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2005 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.0

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  • Next message: CorryL: "[Full-disclosure] TowerBlog <= 0.6 Admin Account View [x0n3-h4ck]"

    Relevant Pages