----------------------------------------------------------------------

TITLE:
eFront "langname" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA38973

VERIFY ADVISORY:
http://secunia.com/advisories/38973/

DESCRIPTION:
A vulnerability has been discovered in eFront, which can be exploited
by malicious users to compromise a vulnerable system and by malicious
people to disclose sensitive information.

Input passed to the "langname" parameter in
www/editor/tiny_mce/langs/language.php is not properly verified before
being used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal sequences and
URL-encoded NULL bytes ("%00").

Successful exploitation with arbitrary file extensions requires that
"magic_quotes_gpc" is disabled: with it enabled, PHP escapes the NULL
byte with a backslash, so it no longer truncates the extension the
script appends to the supplied name, and only files with that
extension can be included.

NOTE: An authenticated user can further exploit this to execute
arbitrary PHP code by uploading a file containing PHP code as an
attachment via the "New Message" functionality in the "Personal
Messages" section and then including it through the "langname"
parameter.

The vulnerability is confirmed in version 3.5.5. Other versions may
also be affected.

SOLUTION:
Update to version 3.6 or apply the vendor patch:
https://sourceforge.net/projects/efrontlearning/files/efront_3.5.x_editor_security_patch.zip/download

PROVIDED AND/OR DISCOVERED BY:
Core Security Technologies credits 7safe's Penetration Testing Team.
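The following is an added example and is not code from eFront, Secunia or Core Security. It shows the two things a practitioner wants from an advisory of this class: a detector that flags requests to the vulnerable endpoint whose "langname" value carries traversal sequences or a NULL byte once decoded (the URL decoding PHP applies to $_GET values), and a hardened resolver of the kind the vendor fix would need, which allowlists the language name and confirms the resolved path stays inside the language directory. The log lines are constructed, the base directory path is hypothetical, and the assumption that the script appends a ".php" extension to the supplied name (which is what makes the NULL byte useful to an attacker) is mine, not stated in the advisory.

```python
"""Detection and validation for the eFront "langname" LFI (SA38973).

Added example, not the project's own code. Log lines below are
constructed; the ".php" suffix and base directory are assumptions.
"""
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2010:12:00:01 +0000] "GET /www/editor/tiny_mce/langs/language.php?langname=en HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2010:12:00:02 +0000] "GET /www/editor/tiny_mce/langs/language.php?langname=../../../../../../etc/passwd%00 HTTP/1.1" 200 1834
203.0.113.7 - - [10/Mar/2010:12:00:03 +0000] "GET /www/editor/tiny_mce/langs/language.php?langname=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1834
198.51.100.9 - - [10/Mar/2010:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 3000
"""

# ip, method, request target and status from a combined/common log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path component, with either separator, anywhere in the value.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')
# Endpoint named in the advisory.
VULN_SCRIPT = "/tiny_mce/langs/language.php"


def suspicious_reasons(langname):
    """Return why an already URL-decoded langname value looks like an
    LFI attempt (empty list for a benign value)."""
    reasons = []
    if "\x00" in langname:          # %00 truncates the appended extension
        reasons.append("null-byte")
    if TRAVERSAL_RE.search(langname):  # escapes the langs/ directory
        reasons.append("traversal")
    return reasons


def find_lfi_attempts(log_text):
    """Scan access-log text for requests abusing the langname parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.endswith(VULN_SCRIPT):
            continue
        # parse_qs percent-decodes once, matching what PHP puts in $_GET.
        for value in parse_qs(parts.query, keep_blank_values=True).get("langname", []):
            reasons = suspicious_reasons(value)
            if reasons:
                hits.append({"ip": m["ip"], "status": m["status"],
                             "langname": value, "reasons": reasons})
    return hits


# Allowlist: "en", "en_US", "pt-BR" style names only; no dots, slashes or NULs.
LANG_NAME_RE = re.compile(r'[A-Za-z]{2}(?:[_-][A-Za-z]{2})?')


def resolve_lang_file(langname, base_dir):
    """Hardened replacement for include(base . langname . '.php').

    Returns the resolved Path for an allowlisted name that stays inside
    base_dir, or None for anything else. The '.php' suffix is assumed.
    """
    if not LANG_NAME_RE.fullmatch(langname):
        return None
    base = Path(base_dir).resolve()
    target = (base / f"{langname}.php").resolve()
    if base not in target.parents:   # defence in depth against symlinks etc.
        return None
    return target


if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(f"{hit['ip']} status={hit['status']} "
              f"reasons={','.join(hit['reasons'])} langname={hit['langname']!r}")
```

The detector decodes the query string exactly once: a value such as "%2500" is not an attack against PHP, because $_GET only applies one round of decoding, so double-decoding in the detector would produce false positives. The resolver rejects by allowlist first and only then checks containment, so a NULL byte or traversal never reaches the filesystem call.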
ORIGINAL ADVISORY:
eFront:
http://forum.efrontlearning.net/viewtopic.php?f=15&t=1945
http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html

Core Security Technologies:
http://www.coresecurity.com/content/efront-php-file-inclusion

----------------------------------------------------------------------