Hi Folks,
I was just looking at http://secunia.com/advisories/18767/ and was able to determine that the version we have (2.3.1) is vulnerable to this.
I searched the site and forum and wasn't able to find the answer. Is an upgrade to 2.5 going to take care of this problem?
Thanks,
Rob.
Mon, 12/10/2007 - 21:56
#1
Re: File Upload Vulnerability
Besides directly protecting against that issue, 2.5 has changed to a black list approach, so only known safe files are allowed, providing extra protection against other unknown problems in Apache or PHP (as that one was).
Re: File Upload Vulnerability
Rob.
Re: File Upload Vulnerability
I have another question. I guess my problem is that browsing to /editor/fckeditor.html can be done by anyone and it appears (even in version 2.5) if file uploads are enabled, anyone can upload one of the approved files. We have integrated FCK into a CMS so users have to log in to use the CMS, but without logging in, non-authenticated users can still browse to /editor/fckeditor.html (if they know the path) and upload files.
How are people preventing this from happening and making sure only authenticated users can use the file upload functionality? Am I missing something really obvious here?
Thanks,
Rob.
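One way to close the gap described in the post above, as an added example that is not from this thread or from FCKeditor's own code: uploads are handled by the server-side connector rather than by fckeditor.html, and the PHP connector only runs when `$Config['Enabled']` in its `config.php` is true, so that flag can be derived from the CMS login session. This assumes the PHP connector and a CMS that logs users in with PHP sessions; the session name and the `$_SESSION` keys are hypothetical.

```php
<?php
// Added example for the PHP connector's config.php. Not FCKeditor or CMS code.
// The session name and $_SESSION keys are hypothetical: use what the CMS login sets.

const CMS_SESSION_NAME = 'CMSSESSID';  // hypothetical session cookie name
const CMS_IDLE_LIMIT   = 1800;         // seconds of inactivity allowed (constructed value)

/**
 * Decide whether this session may use the file connector.
 * Kept as a pure function so the rule can be tested without a web request.
 */
function cms_upload_allowed(array $session, int $now): bool
{
    // No logged-in user: this is an anonymous request to the connector.
    if (empty($session['cms_user_id'])) {
        return false;
    }
    // Logged in, but the CMS has not granted this user upload rights.
    if (empty($session['cms_can_upload'])) {
        return false;
    }
    // Treat a session with no recent activity as logged out.
    $lastSeen = (int) ($session['cms_last_seen'] ?? 0);
    return ($now - $lastSeen) <= CMS_IDLE_LIMIT;
}

// Attach to the session the CMS created at login. A request without that
// cookie gets a new, empty session, which fails the checks above.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_name(CMS_SESSION_NAME);
    session_start();
}
$allowed = cms_upload_allowed($_SESSION, time());
session_write_close();  // release the session lock; nothing is written here

// Fail closed: the connector stays disabled unless every check passed.
$Config['Enabled'] = $allowed;
```

The CMS session cookie's path has to cover the editor directory, otherwise the connector never sees the login and stays disabled for everyone.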