[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DotNetNuke Remote Code Execution vulnerability
- To: "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: DotNetNuke Remote Code Execution vulnerability
- From: Daniel Niggebrugge <Niggebrugge@xxxxxxxxxx>
- Date: Thu, 20 Jan 2011 17:10:57 +0100
=======================================
Vulnerability discovered: November 23, 2010
Discovered by: Daniël Niggebrugge, Fox-IT BV (https://www.fox-it.com/)
Reported to vendor: November 30, 2010
Fix available: Yes
=======================================
PRODUCT
-------------
DotNetNuke is an open source Content Management System (CMS) based on Microsoft
ASP.NET. DotNetNuke powers over 600,000 production web sites worldwide. More
information can be found at:
http://www.dotnetnuke.com/Intro/AtAGlance/tabid/1579/Default.aspx
VULNERABILITY
-------------
An anonymous attacker can upload ASPX files, access these files and is then
able to execute arbitrary commands on the web server. This leads to full
compromise of the DotNetNuke environment and possibly compromise of other web
applications and/or information on the web server.
Fox-IT verified DotNetNuke version 05.06.00 (459) to be vulnerable to this
issue.
FIX
-------------
This issue has been fixed in DotNetNuke version 05.06.01. Fox-IT advises to
test and deploy this new version as soon as possible.
DETAILS
-------------
The vulnerability is caused by several web pages of DotNetNuke that
insufficiently enforce authorization checks. Depending on the function of the
vulnerable web page, several issues might arise. The most severe issue makes it
possible to upload executable files without proper authorizations and execute
arbitrary commands on the web server.
REFERENCES
-------------
Original report:
http://www.fox-it.com/en/news-and-events/news/recent-news/news-article/dotnetnuke-remote-code-execution-vulnerability-discovered-by-fox-it/174
DotNetNuke security bulletin:
http://www.dotnetnuke.com/securitybulletinno46/tabid/2113/Default.aspx