Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:FCKEDITOR-RCE-UPLOAD

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 FCKeditor Arbitrary File Upload Code Execution

Release Date

 2011/11/01

Update Number

 2021

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: FCKeditor Arbitrary File Upload Code Execution


This signature detects attempts to exploit a known flaw in FCKeditor. FCKeditor is a web based open source HTML text editor. A successful attack could result in arbitrary code execution.

Extended Description

FCKeditor is prone to a vulnerability that lets attackers upload arbitrary files it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Versions prior to FCKeditor 2.6.4.1 are vulnerable.

Affected Products

  • Adobe coldfusion 8.0
  • Adobe coldfusion 8.0.1
  • Alexscriptengine article-engine 1.3.0
  • Alexscriptengine news-engine 1.5.1
  • Clansphere clansphere 2008
  • Clansphere clansphere 2008.2.1
  • Clansphere clansphere 2009.0
  • Clansphere clansphere 2009.0.1
  • Debian linux 5.0
  • Debian linux 5.0 Alpha
  • Debian linux 5.0 Amd64
  • Debian linux 5.0 Arm
  • Debian linux 5.0 Armel
  • Debian linux 5.0 Hppa
  • Debian linux 5.0 Ia-32
  • Debian linux 5.0 Ia-64
  • Debian linux 5.0 M68k
  • Debian linux 5.0 Mips
  • Debian linux 5.0 Mipsel
  • Debian linux 5.0 Powerpc
  • Debian linux 5.0 S/390
  • Debian linux 5.0 Sparc
  • Dokeos dokeos 1.8.5
  • Dokeos dokeos 1.8.6
  • Falt4_cms falt4_extreme RC4
  • Fckeditor fckeditor 2.0.0 rc2
  • Fckeditor fckeditor 2.0.0 rc3
  • Fckeditor fckeditor 2.2
  • Fckeditor fckeditor 2.3 beta
  • Fckeditor fckeditor 2.4.3
  • Fckeditor fckeditor 2.6.4
  • Knowledgeroot knowledgebase 0.9.9.5
  • Nakid nakid_cms 0.5.2
  • Phplist phplist 2.10.1
  • Phplist phplist 2.10.2
  • Phplist phplist 2.10.3
  • Phplist phplist 2.10.4
  • Phplist phplist 2.10.5
  • Phplist phplist 2.10.6
  • Php-nuke php-nuke 8.2
  • Red_hat fedora 10
  • Red_hat fedora 11
  • Tru-zone nukeet 3.4
  • Xtcmodified_ecommerce_shopsoftware xtcmodified 1.04
  • Zope zope.html 1.1.0

References

  • BugTraq: 31812
  • CVE: CVE-2009-2265
  • URL: http://www.securityfocus.com/archive/1/archive/1/504721/100/0/threaded

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out