BugTraq
[ GLSA 201006-13 ] Smarty: Multiple vulnerabilities Jun 02 2010 09:18PM
Alex Legler (a3li gentoo org) (1 replies)
RE: [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities Jun 03 2010 02:57PM
Andrew Morum (amorum brendata co uk)
Not sure, phprunner incorporates this doesn't it?

-----Original Message-----
From: Alex Legler [mailto:a3li (at) gentoo (dot) org [email concealed]]
Sent: 02 June 2010 22:18
To: gentoo-announce (at) gentoo (dot) org [email concealed]
Cc: bugtraq (at) securityfocus (dot) com [email concealed]; full-disclosure (at) lists.grok.org (dot) uk [email concealed];
security-alerts (at) linuxsecurity (dot) com [email concealed]
Subject: [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Smarty: Multiple vulnerabilities
Date: June 02, 2010
Bugs: #212147, #243856, #270494
ID: 201006-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Smarty template engine might allow
remote attackers to execute arbitrary PHP code.

Background
==========

Smarty is a template engine for PHP.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-php/smarty < 2.6.23 >= 2.6.23

Description
===========

Multiple vulnerabilities have been discovered in Smarty:

* The vendor reported that the modifier.regex_replace.php plug-in
contains an input sanitation flaw related to the ASCII NUL character
(CVE-2008-1066).

* The vendor reported that the _expand_quoted_text() function in
libs/Smarty_Compiler.class.php contains an input sanitation flaw via
multiple vectors (CVE-2008-4810, CVE-2008-4811).

* Nine:Situations:Group::bookoo reported that the
smarty_function_math() function in libs/plugins/function.math.php
contains input sanitation flaw (CVE-2009-1669).

Impact
======

These issues might allow a remote attacker to execute arbitrary PHP
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Smarty users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.23"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since June 2, 2009. It is likely that your system is already
no longer affected by this issue.

References
==========

[ 1 ] CVE-2008-1066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
[ 2 ] CVE-2008-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4810
[ 3 ] CVE-2008-4811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4811
[ 4 ] CVE-2009-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1669

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

The information contained in this email is intended for the personal and confidential use
of the addressee only. It may also be privileged information. If you are not the intended
recipient then you are hereby notified that you have received this document in error and
that any review, distribution or copying of this document is strictly prohibited. If you have
received this communication in error, please notify Brendata immediately on:

+44 (0)1268 466100, or email 'technical (at) brendata.co (dot) uk [email concealed]'

Brendata (UK) Ltd
Nevendon Hall, Nevendon Road, Basildon, Essex. SS13 1BX UK
Registered Office as above. Registered in England No. 2764339

See our current vacancies at www.brendata.co.uk

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus