I have to disagree with the Severity of grave. To exploit you need
to have register_globals set to on, which has not been the default in
years. We have released 1.2.5 which fixes the issue and a number of
other things. It just gets under my skin when "researchers" find
problems, elevate how serious they are and never notify the
development team.
Sorry for my rant,
Kevin
---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!
On Jun 5, 2006, at 6:24 PM, David Gil wrote:
Package: acidbase
Severity: grave
Tags: security
Justification: user security hole
http://www.frsirt.com/english/advisories/2006/1996
Advisory ID : FrSIRT/ADV-2006-1996
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-26
Technical Description
Multiple vulnerabilities have been identified in Basic Analysis and
Security Engine (BASE), which could be exploited by attackers to execute
arbitrary commands. These flaws are due to input validation errors in the
"base_qry_common.php", "base_stat_common.php", and
"includes/base_include.inc.php" scripts that do not validate the
"BASE_path" parameter, which could be exploited by remote attackers to
include malicious scripts and execute arbitrary commands with the
privileges of the web server.
Affected Products
Basic Analysis and Security Engine (BASE) 1.2.4 and prior
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
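
An added example, not part of the original messages and not BASE's own code: one way to check web server access logs for the condition the advisory describes, a request to one of the three named scripts that supplies "BASE_path" itself. The function names, the Apache-style log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory names as not validating BASE_path.
AFFECTED = ("base_qry_common.php", "base_stat_common.php",
            "includes/base_include.inc.php")
# Assumed Apache common/combined format: client ... "METHOD target PROTO" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def php_name(key):
    """PHP turns '.' and ' ' in incoming parameter names into '_'; drop any [index]."""
    return key.split("[", 1)[0].replace(".", "_").replace(" ", "_")

def find_base_path_requests(lines):
    """Return one record per request that sets BASE_path on an affected script."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(AFFECTED):
            continue
        values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if php_name(k) == "BASE_path"]
        if values:
            hits.append({"client": client, "script": parts.path,
                         "status": int(status),
                         "remote": any(SCHEME_RE.match(v) for v in values)})
    return hits

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/2006:18:02:11 +0000] "GET /base/base_main.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jun/2006:18:03:40 +0000] "GET /base/base_qry_common.php?BASE_path=http://host.invalid/x HTTP/1.0" 200 312',
    '198.51.100.7 - - [05/Jun/2006:18:03:44 +0000] "GET /base/includes/base_include.inc.php?BASE%2Epath=../ HTTP/1.0" 200 0',
    '192.0.2.10 - - [05/Jun/2006:18:05:00 +0000] "GET /base/base_stat_common.php?sort=BASE_path HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_base_path_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, while register_globals also imports POST and cookie values, so an empty result does not show that the parameter was never supplied. The remedies named in the thread still apply: BASE 1.2.5 and register_globals off.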