Vulnerability in Pydio/AjaXplorer <= 5.0.3
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Vulnerability in Pydio/AjaXplorer <= 5.0.3
- From: advisories@xxxxxxxxxxx
- Date: Sun, 10 Nov 2013 14:00:39 GMT
Vulnerability in Pydio/AjaXplorer <= 5.0.3
============
Background:
Pydio allows you to instantly turn any server into a powerful file sharing
platform. Formerly known as AjaXplorer
============
Description of vulnerability
There is a path traversal vulnerability in the zoho plugin that is distributed
with Pydio/AjaXplorer core versions 3.3.5 through 5.0.3.
An attacker may use this vulnerability to retrieve arbitrary information from
the server, or to delete arbitrary files that the application has access to.
Exploiting this vulnerability does not require authentication.
============
Details:
/plugins/editor.zoho/agent/save_zoho.php
The zoho plugin script is not protected from direct access and does not
validate its path parameters, which allows file inclusion/path traversal attacks
that expose arbitrary local files.
Files that the application has access to can also be unlinked through the same
script (impact to integrity/availability).
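The defensive pattern for this class of bug, as an added illustration and not
Pydio's own patch: resolve the user-supplied name against the directory the
plugin is allowed to touch and reject anything that escapes it, after undoing
the encodings that naive string checks miss (percent-encoding, double encoding,
backslashes, embedded NULs). Python is used so the check is runnable here; the
base directory is a constructed placeholder, not a real Pydio path.

```python
import os
import urllib.parse
from typing import Optional

# Constructed placeholder for the directory a plugin may read from or unlink in.
# Not Pydio's real layout; any absolute path works for the containment check.
PLUGIN_TMP_DIR = "/srv/pydio-tmp"


def normalize_user_path(raw: str, max_decode_rounds: int = 3) -> Optional[str]:
    """Undo the transformations that let '../' slip past a naive check.

    Percent-decoding is repeated because double-encoded sequences such as
    %252e%252e only become '..' on the second pass. Backslashes are folded to
    '/' so Windows-style separators get the same treatment. An embedded NUL
    is rejected outright: C-based runtimes truncate the path at the NUL.
    """
    decoded = raw
    for _ in range(max_decode_rounds):
        nxt = urllib.parse.unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return None
    return decoded.replace("\\", "/")


def resolve_within(base_dir: str, user_supplied: str) -> Optional[str]:
    """Return the canonical path for user_supplied inside base_dir, or None.

    realpath() is applied to both sides so symlinks and '..' segments are
    collapsed before comparison; commonpath() then demands that base_dir is
    a proper ancestor of the candidate. An absolute user path such as
    '/etc/passwd' makes os.path.join discard base_dir, and is caught the
    same way.
    """
    cleaned = normalize_user_path(user_supplied)
    if cleaned is None or cleaned == "":
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, cleaned))
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        return None
    return candidate


def safe_unlink(base_dir: str, user_supplied: str) -> bool:
    """Delete only a regular file that resolves inside base_dir.

    Returns True if a file was removed, False if the path was rejected or
    nothing existed there. The containment check runs before any
    filesystem mutation, which is the property the vulnerable script lacked.
    """
    target = resolve_within(base_dir, user_supplied)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name and several traversal shapes.
    for name in ["report.txt", "sub/../report.txt", "../../etc/passwd",
                 "..%2F..%2Fetc%2Fpasswd", "%252e%252e/%252e%252e/etc/passwd",
                 "/etc/passwd", "..\\..\\etc\\passwd", "report.txt\x00.png"]:
        print(repr(name), "->", resolve_within(PLUGIN_TMP_DIR, name))
```

The check is deliberately a positive one (the canonical result must lie under the
base) rather than a denylist of "../" patterns: every encoding variant above
is rejected by the same comparison, and new variants need no new rules.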
============
CVE:
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2013-6226 to this issue. This is a candidate for inclusion in the CVE list.
============
Vendor Response:
Upgrade to Pydio v5.0.4 or higher.
http://pyd.io/pydio-core-5-0-4/
============
Timeline:
============
October 10, 2013, Vulnerability identified
October 10, 2013, Vendor Notified
October 10, 2013, Vendor initial patch review
October 10, 2013, Patch released
November 10, 2013, Disclosure
============
Research:
============
Craig Arendt (Redfsec)
http://www.redfsec.com/CVE-2013-6226