BID:17873

Claroline Multiple Remote File Include Vulnerabilities

Info

Claroline Multiple Remote File Include Vulnerabilities

Bugtraq ID:	17873
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 08 2006 12:00AM
Updated:	May 15 2006 10:39PM
Credit:	beford is credited with the discovery of these vulnerabilities.
Vulnerable:	Dokeos Open Source Learning & Knowledge Management Tool 1.6.4 Dokeos Open Source Learning & Knowledge Management Tool 1.6 RC2 Dokeos Open Source Learning & Knowledge Management Tool 1.5.5 Dokeos Open Source Learning & Knowledge Management Tool 1.5.4 Dokeos Open Source Learning & Knowledge Management Tool 1.5.3 Dokeos Open Source Learning & Knowledge Management Tool 1.5 Dokeos Open Source Learning & Knowledge Management Tool 1.4 Claroline Claroline 1.7.5 Claroline Claroline 1.7.4 Claroline Claroline 1.7.2 Claroline Claroline 1.6 rc1 Claroline Claroline 1.6 beta Claroline Claroline 1.6 Claroline Claroline 1.5.4 Claroline Claroline 1.5.3 Claroline Claroline 1.5

Not Vulnerable:

Discussion

Claroline Multiple Remote File Include Vulnerabilities

Claroline is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues also affect Dokeos version 1.6.4; earlier versions may also be vulnerable.

Exploit / POC

Claroline Multiple Remote File Include Vulnerabilities

This issue can be exploited through a web client.

The following exploits are available:

/data/vulnerabilities/exploits/Claroline-0508-rfi.pl
/data/vulnerabilities/exploits/Dokeos-0508-rfi.pl

Solution / Fix

Claroline Multiple Remote File Include Vulnerabilities

Solution:
Dokeos has released a patch to address this issue. Users are advised to contact the vendor for further information.

Dokeos Open Source Learning & Knowledge Management Tool 1.6.4

Dokeos dokeos-1.6.4-patch1.zip
http://www.dokeos.com/download/dokeos-1.6.4-patch1.zip

References

Claroline Multiple Remote File Include Vulnerabilities

References:

[Fixed Dokeos 1.6.4] is it a security problem ? (Dokeos)
Claroline Homepage (Claroline)
Dokeos 1.6.4. : fixing a backdoor security issue (Dokeos)
Dokeos Security Page (Dokeos)
Project Home Page (Dokeos)
Claroline Open Source e-Learning 1.7.5 Remote File Include (beford)
Dokeos Learning Management System 1.6.4 Remote File Include (beford)