holaCMS vote_filename directory traversal

hola-votefilename-directory-traversal (19672) The risk level is classified as MediumMedium Risk

Description:

holaCMS could allow a remote attacker to traverse directories on the Web server. A remote attacker could send a specially-crafted request to the vote_save_results.php file containing directory traversal sequences in the vote_filename parameter to traverse directories and overwrite or delete arbitrary files on the system, including authentication files, which could allow the attacker to obtain administrative privileges.

Platforms Affected:

  • Bernd Ritter, holaCMS 1.4.9 and prior

Remedy:

Upgrade to the latest version of holaCMS (1.4.9-2 or later), available from the holaCMS Web site. See References.

Consequences:

File Manipulation

References:

  • BugTraq Mailing List, Sat Mar 12 2005 - 16:45:55 CST , Hola CMS - File destruction and System access at http://archives.neohapsis.com/archives/bugtraq/2005-03/0210.html.
  • holaCMS Web site, holaCMS at http://www.holacms.de/.
  • BID-12789: HolaCMS Voting Module Remote File Corruption Vulnerability
  • BID-12799: HolaCMS Voting Module Directory Traversal Remote File Corruption Vulnerability
  • CVE-2005-0795: HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
  • CVE-2005-0796: Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a holaDB/votes followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.
  • SA14566: holaCMS "vote_filename" Directory Traversal Vulnerability

Reported:

Mar 12, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page