CARE2X inc_diagnostics_report_fx.php root_path Variable Remote File Inclusion

2007-03-13T09:04:06
ID OSVDB:34049
Type osvdb
Reporter Dedi Dwianto a.k.a. the_day (erdc@echo.or.id)
Modified 2007-03-13T09:04:06

Description

Vulnerability Description

CARE2X contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the inc_diagnostics_report_fx.php script not properly sanitizing user input supplied to the 'root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

At the time of disclosure, version 1.1 was roughly three years old (released 2004-01-11) and had been superseded by several versions up to and including 2.2.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: set the register_globals PHP option to 'off'.
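The code shape behind this class of bug, as an added illustration rather than code from CARE2X: a script that builds an include path from a variable it never initialised is, with register_globals on, including a path chosen by whoever sends the request. The hardened shape assigns $root_path itself before the include and fails closed if the expected local file is missing; the file name 'include/some_lib.php' is assumed for the illustration.

```php
<?php
// Illustrative only; not code from CARE2X. Both halves use $root_path the
// way the advisory describes: as the directory prefix of an include.

// --- Vulnerable shape (register_globals = On) ---
// Nothing assigns $root_path before it is used. With register_globals on,
// PHP pre-populates it from request data (GET/POST/cookie), so the prefix of
// the include path is under the caller's control. If the interpreter also
// allows URL wrappers in include(), the prefix can name a remote host, which
// is the remote file inclusion case this advisory reports.
//
//   include($root_path . 'include/some_lib.php');  // $root_path never set here

// --- Hardened shape ---
// 1. Derive the prefix from the script's own location, never from the request.
//    dirname(__FILE__) works on PHP 4 and 5; __DIR__ needs 5.3+.
$root_path = dirname(__FILE__) . '/';

// 2. Fail closed if the expected local file is missing instead of letting
//    include() search anywhere else.
$lib = $root_path . 'include/some_lib.php';
if (!is_file($lib)) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Required library missing.');
}
require_once $lib;

// 3. Interpreter-level settings (php.ini) that close the hole for every
//    script at once, independent of any single include line:
//      register_globals  = Off   ; request data no longer becomes variables
//      allow_url_include = Off   ; include()/require() never fetch over the network
```

With register_globals off, the vulnerable shape above fails with an undefined-variable notice rather than including attacker-chosen input, which is the workaround the advisory recommends.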

References:

Vendor URL: http://www.care2x.org
Secunia Advisory ID: 24481
Related OSVDB IDs: 34044, 34045, 34046, 34047, 34048, 34050, 34051, 34052, 34053, 34054, 34055, 34056, 34057, 34058, 34059, 34060
Other Advisory URL: http://advisories.echo.or.id/adv/adv72-theday-2007.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0173.html
ISS X-Force ID: 32981
FrSIRT Advisory: ADV-2007-0938
CVE: CVE-2007-1458
Bugtraq ID: 22951