Vuln: FCK Editor

Post by dcdent »

Some new security issue, source: Secunia
FCKeditor "Type" Parameter File Upload Vulnerability

Secunia Advisory: SA20122  
Release Date: 2006-05-18


Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch


Software: FCKeditor 2.x


Description:
A vulnerability has been discovered in FCKeditor, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in the processing of file uploads. This can be exploited to upload arbitrary scripts by defining an invalid value for the "Type" parameter when uploading a file via "editor/filemanager/upload/php/upload.php".

Successful exploitation requires that file uploads have been enabled in the "config.php" configuration file (not enabled by default).

The vulnerability has been confirmed in version 2.2. Prior versions may also be affected.

Solution:
The vulnerability has been fixed in version 2.3 Beta.

Provided and/or discovered by:
Reported by the vendor.
Last edited by dcdent on Fri May 19, 2006 9:15 am, edited 1 time in total.
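
An added illustration of the class of input validation error the advisory above describes; it is not FCKeditor's code and not part of the original posts. It shows one way a per-type extension check can fail open when the "Type" value is not a known type, next to a fail-closed version. The type names, extension lists and function names are assumptions made for the example.

```php
<?php
// Constructed illustration; not FCKeditor's code. The type names and
// extension lists are assumptions made for this example.
const UPLOAD_POLICY = [
    'File'  => ['allow' => ['pdf', 'txt', 'zip'], 'deny' => ['php', 'phtml', 'cgi']],
    'Image' => ['allow' => ['gif', 'jpg', 'jpeg', 'png'], 'deny' => []],
];

// Fail-open pattern: an unknown type yields empty lists, and empty lists are
// treated as "no restriction", so every extension passes the check.
function extensionAllowedFailOpen(string $type, string $filename): bool
{
    $policy = UPLOAD_POLICY;
    $ext    = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $allow  = $policy[$type]['allow'] ?? [];
    $deny   = $policy[$type]['deny'] ?? [];
    if (count($allow) > 0 && !in_array($ext, $allow, true)) {
        return false;
    }
    if (count($deny) > 0 && in_array($ext, $deny, true)) {
        return false;
    }
    return true;
}

// Fail-closed pattern: the type must be a known key and the extension must be
// on that type's allow list. Anything else is rejected.
function extensionAllowedFailClosed(string $type, string $filename): bool
{
    $policy = UPLOAD_POLICY;
    if (!array_key_exists($type, $policy)) {
        return false;
    }
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $policy[$type]['allow'], true);
}

// Constructed requests: (Type parameter, uploaded file name).
$samples = [['Image', 'logo.png'], ['File', 'page.php'], ['Bogus', 'page.php']];
foreach ($samples as [$type, $name]) {
    printf("%-6s %-9s fail-open=%s fail-closed=%s\n", $type, $name,
        var_export(extensionAllowedFailOpen($type, $name), true),
        var_export(extensionAllowedFailClosed($type, $name), true));
}
```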

Re: Vuln: FCK Editor

Post by Ted »

This file has a login cookie check as well in 0.13 (I added it as a precaution after beta4).  So, they'd have to be logged into CMSMS for this vulnerability to even be possible.  I wouldn't worry about it too much, though we will update fck when a 2.3 final comes out.

Re: Vuln: FCK Editor

Post by dcdent »

OK,
thanks for the fast response!

Re: Vuln: FCK Editor

Post by Ted »

And in other news, Silmarillion has been playing around with 2.3 beta and says it's pretty good.  It's a lot faster, apparently.  I'll be interested to see how it works out after it's fully integrated.

Re: Vuln: FCK Editor

Post by Greg »

I see 2.3 of FCKeditor is now finalized - is it in the latest svn?
Greg

Re: Vuln: FCK Editor

Post by Elijah Lofgren »

Greg wrote: I see 2.3 of FCKeditor is now finalized - is it in the latest svn?
Yes. It loads a lot faster than previous versions. :)
Note: I don't have time to take on any more projects. I'm quite busy. I may be too busy to reply to emails or messages. Thanks for your understanding. :)

Re: Vuln: FCK Editor

Post by Greg »

In the latest SVN .....

The smileys folder is missing ... Modules/FCKeditor/fckeditor/images/smiley
Also getting a javascript error:
Greg

Re: Vuln: FCK Editor

Post by Ted »

I had Sil remove some of the sillier plugins from FCK.  Stuff like that is just taking up space and if people REALLY need it, they can grab them from the FCK site.

Not sure about the javascript error, though.