[UNIX] Asbru HardCore Web Content Editor Command Injection
From: SecuriTeam <support@securiteam.com>
To: list@securiteam.com
Date: 16 Oct 2006 11:08:31 +0200
Subject: [UNIX] Asbru HardCore Web Content Editor Command Injection
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20061016094942.05FC96E72@mail.tyumen.ru>
X-Virus-Scanned: antivirus-gw at tyumen.ru

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
  Asbru HardCore Web Content Editor Command Injection
------------------------------------------------------------------------


SUMMARY

The Asbru Software Web Content Editor (http://editor.asbrusoft.com/) 
allows "for web-based advanced text processing, replacing the typical 
TEXTAREA input fields with a rich user interface, offering HTML editing 
capabilities, formatting and various other features. It integrates with 
Asbru Software's Content Management System, works with most modern 
browsers and comes in versions for ASP, ASP.NET, PHP, ColdFusion and JSP". 
A vulnerability in Asbru allows remote attackers to cause the product to 
execute arbitrary code via the spell checking mechanism.

DETAILS

The spell checking feature uses ASpell, which is invoked through the 
respective language's process creation facilities, such as proc_open() in 
PHP, Runtime's exec() method in JSP, shell.Run() in ASP and the like.  All 
these invocations are prone to a command injection attack, since ASpell's 
dictionary argument is taken from an HTTP request parameter and the 
input is not sanitized before it is placed on the command line.

This leads to immediate shell command execution if an attacker carefully 
crafts this parameter's value.  The vulnerability is *only* present if the 
spell checking capability is in use.
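The pattern described above, as an added example that is not the Asbru product's own code: the unsafe proc_open() invocation that concatenates the request parameter into a shell command line, next to a hardened form that allowlists the dictionary name and passes an argv array so no shell is involved. The parameter name `dictionary`, the helper names and the aspell options are assumptions.

```php
<?php
// Added example, not Asbru's code: the unsafe invocation pattern the
// advisory describes, beside a hardened version. The parameter name
// 'dictionary', the aspell path and the helper names are assumptions.

// Shared helper: start aspell in pipe mode (-a), feed it one line of
// text and return what it prints. $cmd may be a shell string (unsafe)
// or an argv array (no shell involved; supported since PHP 7.4).
function run_aspell($cmd, string $text): string
{
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start aspell');
    }
    // In pipe mode a leading '^' makes aspell treat the whole line as data.
    fwrite($pipes[0], '^' . str_replace(["\r", "\n"], ' ', $text) . "\n");
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return $out;
}

// VULNERABLE: the request parameter is concatenated into a shell command
// line, so proc_open() hands it to /bin/sh -c and any shell metacharacters
// in the parameter are interpreted. This is the flaw the advisory describes.
function spellcheck_unsafe(string $text): string
{
    $dict = $_GET['dictionary'];                      // untrusted, unchecked
    return run_aspell('aspell -a -d ' . $dict, $text);
}

// HARDENED: accept only dictionary names of the form the product expects
// (e.g. "en", "en_US", "de_DE") and pass an argv array, so no shell ever
// sees the value. On PHP < 7.4, escapeshellarg($dict) inside the string
// form is the fallback; the allowlist check stays either way.
function spellcheck_safe(string $text): string
{
    $dict = $_GET['dictionary'] ?? 'en';
    if (!preg_match('/\A[a-z]{2,3}(?:_[A-Z]{2})?\z/', $dict)) {
        throw new InvalidArgumentException('unsupported dictionary name');
    }
    return run_aspell(['aspell', '-a', '-d', $dict], $text);
}
```

The allowlist also rejects values beginning with `-`, so a parameter cannot be turned into an extra aspell option even though the argv form bypasses the shell.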

Solution:
AsbruSoft reacted very quickly. The vulnerability was reported on Oct 5 
and a fix was created over the weekend and released on Oct 8. The updated 
version 6.0.22 is available from 
http://editor.asbrusoft.com/page.php/id=727.


ADDITIONAL INFORMATION

The information has been provided by Jan Muenther of n.runs GmbH 
(security@nruns.com).
The original article can be found at: 
http://editor.asbrusoft.com/page.php/id=727




DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
