<<< Date Index >>>     <<< Thread Index >>>

Re: Advisory 02/2005: Remote code execution in Serendipity



"[2] that leads to remote code execution. Unfortunately, this vulner-
ability also exists in the PEAR XMLRPC implementation, and GulfTech somewhat
  neglected to notify the vendors in question."

This is a very unfair statement as I did my best to hunt down everyone using the vulnerable libraries. Both the PEAR guys and the PHPXMLRPC guys were contacted several days ago, and I also took the time to personally contact everyone I could find using the vulnerable XMLRPC libraries. I think it would be impossible for anyone to hunt down every application using these libraries.

In regards to the vulnerabilities: No technical details will be released by GulfTech until both libraries are updated because the holes are identical and it would cause more harm than good. Anyone using either vulnerable library should visit the official website pertaining to the library and download any updated version. Again, technical details of the vulnerabilities in these two libraries will be released in the future.

James

Christopher Kunz wrote:

                        Hardened PHP Project
                        www.hardened-php.net


                      -= Security  Advisory =-


     Advisory: Remote code execution in Serendipity
 Release Date: 2005/06/29
Last Modified: 2005/06/29
       Author: Christopher Kunz <christopher.kunz@xxxxxxxxxxxxxxxx>
  Application: Serendipity <= 0.8.2
     Severity: Arbitrary remote code execution
         Risk: Very High
Vendor Status: Vendor has released an updated version
   References: http://www.hardened-php.net/advisory-022005.php


Overview:

   Quote from http://www.s9y.org/:
"Serendipity is a weblog/blog system, implemented with PHP. It is standards
   compliant, feature rich and open source (BSD License). Serendipity is
constantly under active development, with a team of talented developers
   trying to make the best PHP powered blog on the net."


Details: