GLSA
Bodhisattva
Joined: 17 Apr 2002
Posts: 2602
Location: Baltimore, MD
|
 Posted: Wed Mar 30, 2005 3:39 pm Post subject: [ GLSA 200503-35 ] Smarty: Template vulnerability |
 |
|
Gentoo Linux Security Advisory
Title: Smarty: Template vulnerability (GLSA 200503-35)
Severity: high
Exploitable: remote
Date: March 30, 2005
Updated: May 22, 2006
Bug(s): #86488
ID: 200503-35
Synopsis
Smarty's "Template security" feature can be bypassed, potentially allowing a remote attacker to execute arbitrary PHP code.
Background
Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates.
Affected Packages
Package: dev-php/smarty
Vulnerable: < 2.6.9
Unaffected: >= 2.6.9
Architectures: All supported architectures
Description
A vulnerability has been discovered within the regex_replace modifier of the Smarty templates when allowing access to untrusted users. Furthermore, it was possible to call functions from {if} statements and {math} functions.
Impact
These issues may allow a remote attacker to bypass the "template security" feature of Smarty, and execute arbitrary PHP code.
Workaround
Do not grant template access to untrusted users.
Resolution
All Smarty users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.9" |
References
Smarty ChangeLog
CVE-2005-0913
Last edited by GLSA on Mon May 22, 2006 4:18 am; edited 2 times in total |
|
News & Announcements
