Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-35] Smarty: Template vulnerability Vulnerability Scan
Vulnerability Scan Summary Smarty: Template vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-35
(Smarty: Template vulnerability)
A vulnerability has been discovered within the regex_replace modifier
of Smarty templates when template access is granted to untrusted users.
Furthermore, it was possible to call functions from {if} statements and
{math} functions.
Impact
These issues may allow a remote attacker to bypass the "template
security" feature of Smarty, and execute arbitrary PHP code.
Workaround
Do not grant template access to untrusted users.
References:
http://smarty.php.net/misc/NEWS
Solution:
All Smarty users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.9"
Threat Level: High