10 - DSA-1919

Executive Summary

Summary
Title	New smarty packages fix regression

Informations
Name	DSA-1919	First vendor Publication	2009-10-25
Vendor	Debian	Last vendor Modification	2010-08-17
Severity (Vendor)	N/A	Revision	2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix. For reference, the full advisory text below.

Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-4810

The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed.

CVE-2009-1669

The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.

For the stable distribution (lenny), this problem has been fixed in version 2.6.20-1.3.

The testing (squeeze) and unstable distribution (sid) are not affected by this regression.

We recommend that you upgrade your smarty package.

Original Source

Url : http://www.debian.org/security/2010/dsa-1919

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13108

Oval ID:	oval:org.mitre.oval:def:13108
Title:	DSA-1919-1 smarty -- several
Description:	Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the old stable distribution, these problems have been fixed in version 2.6.14-1etch2. For the stable distribution, these problems have been fixed in version 2.6.20-1.2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your smarty package.
Family:	unix	Class:	patch
Reference(s):	DSA-1919-1 CVE-2008-4810 CVE-2009-1669	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	smarty
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND smarty DPKG is earlier than 2.6.20-1.2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND smarty DPKG is earlier than 2.6.14-1etch2

Definition Id: oval:org.mitre.oval:def:13560

Oval ID:	oval:org.mitre.oval:def:13560
Title:	DSA-1919-2 smarty -- several
Description:	A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix. For reference, the full advisory text below. Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the stable distribution, this problem has been fixed in version 2.6.20-1.3. The testing and unstable distribution are not affected by this regression. We recommend that you upgrade your smarty package.
Family:	unix	Class:	patch
Reference(s):	DSA-1919-2 CVE-2008-4810 CVE-2009-1669	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	smarty
Definition Synopsis:
Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND smarty DPKG is earlier than 2.6.20-1.3

Definition Id: oval:org.mitre.oval:def:13807

Oval ID:	oval:org.mitre.oval:def:13807
Title:	USN-791-3 -- smarty vulnerability
Description:	It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user.
Family:	unix	Class:	patch
Reference(s):	USN-791-3 CVE-2009-1669	Version:	5
Platform(s):	Ubuntu 9.04	Product(s):	smarty
Definition Synopsis:
Ubuntu 9.04 is installed AND Installed architecture is all AND smarty DPKG is earlier than 2.6.22-1ubuntu1.1

Definition Id: oval:org.mitre.oval:def:7911

Oval ID:	oval:org.mitre.oval:def:7911
Title:	DSA-1919 smarty -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.
Family:	unix	Class:	patch
Reference(s):	DSA-1919 CVE-2008-4810 CVE-2009-1669	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	smarty
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND smarty is earlier than 2.6.20-1.2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND smarty is earlier than 2.6.14-1etch2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Smarty cpe:2.3:a:smarty:smarty:2.6.9:::::::* cpe:2.3:a:smarty:smarty:2.6.7:::::::* cpe:2.3:a:smarty:smarty:2.6.6:::::::* cpe:2.3:a:smarty:smarty:2.6.5:::::::* cpe:2.3:a:smarty:smarty:2.6.4:::::::* cpe:2.3:a:smarty:smarty:2.6.3:::::::* cpe:2.3:a:smarty:smarty:2.6.22:::::::* cpe:2.3:a:smarty:smarty:2.6.2:::::::* cpe:2.3:a:smarty:smarty:2.6.18:::::::* cpe:2.3:a:smarty:smarty:2.6.17:::::::* cpe:2.3:a:smarty:smarty:2.6.16:::::::* cpe:2.3:a:smarty:smarty:2.6.15:::::::* cpe:2.3:a:smarty:smarty:2.6.14:::::::* cpe:2.3:a:smarty:smarty:2.6.13:::::::* cpe:2.3:a:smarty:smarty:2.6.12:::::::* cpe:2.3:a:smarty:smarty:2.6.11:::::::* cpe:2.3:a:smarty:smarty:2.6.10:::::::* cpe:2.3:a:smarty:smarty:2.6.1:::::::* cpe:2.3:a:smarty:smarty:2.6.0:::::::* cpe:2.3:a:smarty:smarty:2.6.0:rc1:::::: cpe:2.3:a:smarty:smarty:2.6.0:rc3:::::: cpe:2.3:a:smarty:smarty:2.6.0:rc2:::::: cpe:2.3:a:smarty:smarty:2.5.0:::::::* cpe:2.3:a:smarty:smarty:2.5.0:rc2:::::: cpe:2.3:a:smarty:smarty:2.5.0:rc1:::::: cpe:2.3:a:smarty:smarty:2.4.2:::::::* cpe:2.3:a:smarty:smarty:2.4.1:::::::* cpe:2.3:a:smarty:smarty:2.4.0:::::::* cpe:2.3:a:smarty:smarty:2.3.1:::::::* cpe:2.3:a:smarty:smarty:2.3.0:::::::* cpe:2.3:a:smarty:smarty:2.2.0:::::::* cpe:2.3:a:smarty:smarty:2.1.1:::::::* cpe:2.3:a:smarty:smarty:2.1.0:::::::* cpe:2.3:a:smarty:smarty:2.0.1:::::::* cpe:2.3:a:smarty:smarty:2.0.0:::::::* cpe:2.3:a:smarty:smarty:1.5.2:::::::* cpe:2.3:a:smarty:smarty:1.5.1:::::::* cpe:2.3:a:smarty:smarty:1.5.0:::::::* cpe:2.3:a:smarty:smarty:1.4.6:::::::* cpe:2.3:a:smarty:smarty:1.4.5:::::::* cpe:2.3:a:smarty:smarty:1.4.4:::::::* cpe:2.3:a:smarty:smarty:1.4.3:::::::* cpe:2.3:a:smarty:smarty:1.4.2:::::::* cpe:2.3:a:smarty:smarty:1.4.1:::::::* cpe:2.3:a:smarty:smarty:1.4.0:::::::* cpe:2.3:a:smarty:smarty:1.4.0:b1:::::: cpe:2.3:a:smarty:smarty:1.4.0:b2:::::: cpe:2.3:a:smarty:smarty:1.3.2:::::::* cpe:2.3:a:smarty:smarty:1.3.1:::::::* cpe:2.3:a:smarty:smarty:1.3.0:::::::* cpe:2.3:a:smarty:smarty:1.2.2:::::::* cpe:2.3:a:smarty:smarty:1.2.1:::::::* cpe:2.3:a:smarty:smarty:1.2.0:::::::* cpe:2.3:a:smarty:smarty:1.1.0:::::::* cpe:2.3:a:smarty:smarty:1.0b:::::::* cpe:2.3:a:smarty:smarty:1.0a:::::::* cpe:2.3:a:smarty:smarty:1.0:::::::*	57

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201006-13 (smarty) File : nvt/glsa_201006_13.nasl
2010-08-21	Name : Debian Security Advisory DSA 1919-2 (smarty) File : nvt/deb_1919_2.nasl
2009-10-27	Name : Debian Security Advisory DSA 1919-1 (smarty) File : nvt/deb_1919_1.nasl
2009-06-30	Name : Ubuntu USN-791-1 (moodle) File : nvt/ubuntu_791_1.nasl
2009-06-30	Name : Ubuntu USN-791-3 (smarty) File : nvt/ubuntu_791_3.nasl
2009-06-05	Name : Fedora Core 9 FEDORA-2009-5516 (php-Smarty) File : nvt/fcore_2009_5516.nasl
2009-06-05	Name : Fedora Core 11 FEDORA-2009-5520 (php-Smarty) File : nvt/fcore_2009_5520.nasl
2009-06-05	Name : Fedora Core 10 FEDORA-2009-5525 (php-Smarty) File : nvt/fcore_2009_5525.nasl
2009-06-05	Name : Ubuntu USN-698-1 (nagios) File : nvt/ubuntu_698_1.nasl
2009-06-05	Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl
2009-03-02	Name : Mandrake Security Advisory MDVSA-2009:052 (php-smarty) File : nvt/mdksa_2009_052.nasl
2008-12-29	Name : Debian Security Advisory DSA 1691-1 (moodle) File : nvt/deb_1691_1.nasl
2008-12-29	Name : Ubuntu USN-698-2 (nagios3) File : nvt/ubuntu_698_2.nasl
2008-12-29	Name : Ubuntu USN-699-1 (blender) File : nvt/ubuntu_699_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
54380	Smarty libs/plugins/function.math.php smarty_function_math() Function Templat...
49943	Smarty libs/Smarty_Compiler.class.php _expand_quoted_text() Function Arbitrar...

Nessus® Vulnerability Scanner

Date	Description
2010-06-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-13.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1919.nasl - Type : ACT_GATHER_INFO
2009-06-25	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-1.nasl - Type : ACT_GATHER_INFO
2009-06-25	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-3.nasl - Type : ACT_GATHER_INFO
2009-05-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-5516.nasl - Type : ACT_GATHER_INFO
2009-05-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-5520.nasl - Type : ACT_GATHER_INFO
2009-05-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-5525.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-052.nasl - Type : ACT_GATHER_INFO
2008-12-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1691.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:28:56	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	4
CPE ID(s)	57
osvdb(s)	2
Openvas Exploit(s)	14
Nessus® Exploit(s)	9

	Related
10	CVE-2009-1669
7.5	CVE-2008-4810
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

10 - DSA-1919

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU