[39359] in bugtraq
Re: Advisory 02/2005: Remote code execution in Serendipity
daemon@ATHENA.MIT.EDU (GulfTech Security Research)
Thu Jun 30 12:49:49 2005
Message-ID: <42C32B50.5080207@gulftech.org>
Date: Wed, 29 Jun 2005 18:14:24 -0500
From: GulfTech Security Research <security@gulftech.org>
MIME-Version: 1.0
To: Christopher Kunz <christopher.kunz@hardened-php.net>,
BugTraq <bugtraq@securityfocus.com>
In-Reply-To: <42C31C80.3050506@hardened-php.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
"[2] that leads to remote code execution. Unfortunately, this vulner-
ability also exists in the PEAR XMLRPC implementation, and GulfTech
somewhat
neglected to notify the vendors in question."
This is a very unfair statement as I did my best to hunt down everyone
using the vulnerable libraries. Both the PEAR guys and the PHPXMLRPC
guys were contacted several days ago, and I also took the time to
personally contact everyone I could find using the vulnerable XMLRPC
libraries. I think it would be impossible for anyone to hunt down every
application using these libraries.
In regards to the vulnerabilities: No technical details will be released
by GulfTech until both libraries are updated because the holes are
identical and it would cause more harm than good. Anyone using either
vulnerable library should visit the official website pertaining to the
library and download any updated version. Again, technical details of
the vulnerabilities in these two libraries will be released in the future.
James
Christopher Kunz wrote:
> Hardened PHP Project
> www.hardened-php.net
>
>
> -= Security Advisory =-
>
>
> Advisory: Remote code execution in Serendipity
> Release Date: 2005/06/29
> Last Modified: 2005/06/29
> Author: Christopher Kunz <christopher.kunz@hardened-php.net>
> Application: Serendipity <= 0.8.2
> Severity: Arbitrary remote code execution
> Risk: Very High
> Vendor Status: Vendor has released an updated version
> References: http://www.hardened-php.net/advisory-022005.php
>
>
> Overview:
>
> Quote from http://www.s9y.org/:
> "Serendipity is a weblog/blog system, implemented with PHP. It is
> standards
> compliant, feature rich and open source (BSD License). Serendipity is
> constantly under active development, with a team of talented
> developers
> trying to make the best PHP powered blog on the net."
>
>
> Details:
>
>
>
