Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New fckeditor packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1836 | First vendor Publication | 2009-07-16 |
| Vendor | Debian | Last vendor Modification | 2009-07-16 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain fckeditor. For the stable distribution (lenny), this problem has been fixed in version 1:2.6.2-1lenny1. For the unstable distribution (sid), this problem has been fixed in version 1:2.6.4.1-1. We recommend that you upgrade your fckeditor package. |
Original Source
| Url : http://www.debian.org/security/2009/dsa-1836 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13698 | |||
| Oval ID: | oval:org.mitre.oval:def:13698 | ||
| Title: | DSA-1836-1 fckeditor -- missing input sanitising | ||
| Description: | Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code. The old stable distribution doesn’t contain fckeditor. For the stable distribution, this problem has been fixed in version 1:2.6.2-1lenny1. For the unstable distribution, this problem has been fixed in version 1:2.6.4.1-1. We recommend that you upgrade your fckeditor package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1836-1 CVE-2009-2265 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | fckeditor |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8043 | |||
| Oval ID: | oval:org.mitre.oval:def:8043 | ||
| Title: | DSA-1836 fckeditor -- missing input sanitising | ||
| Description: | Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain fckeditor. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1836 CVE-2009-2265 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | fckeditor |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-06-18 | Name : Fedora Update for moin FEDORA-2010-9876 File : nvt/gb_fedora_2010_9876_moin_fc11.nasl |
| 2010-04-09 | Name : Fedora Update for moin FEDORA-2010-6012 File : nvt/gb_fedora_2010_6012_moin_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for moin FEDORA-2010-1743 File : nvt/gb_fedora_2010_1743_moin_fc11.nasl |
| 2009-07-29 | Name : Debian Security Advisory DSA 1836-1 (fckeditor) File : nvt/deb_1836_1.nasl |
| 2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7761 (moin) File : nvt/fcore_2009_7761.nasl |
| 2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7794 (moin) File : nvt/fcore_2009_7794.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 55684 | FCKeditor Connector Modules CurrentFolder Parameter Traversal Arbitrary File ... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6012.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1836.nasl - Type : ACT_GATHER_INFO |
| 2009-07-20 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7761.nasl - Type : ACT_GATHER_INFO |
| 2009-07-20 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7794.nasl - Type : ACT_GATHER_INFO |
| 2009-07-15 | Name : The remote web server contains a PHP application that is affected by an arbit... File : fckeditor_currentfolder_file_upload.nasl - Type : ACT_MIXED_ATTACK |
| 2009-07-14 | Name : The remote web server contains an application that is affected by an arbitrar... File : coldfusion_fckeditor_file_upload.nasl - Type : ACT_MIXED_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:28:37 |
|
