=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN289
_____________________________________________________________________

DATE                      : 10/07/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Dokeos version 1.8.5.

======================================================================
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8.5
______________________________________________________________________

   Dokeos 1.8.5

     * A security issue has been detected in Dokeos 1.8.5 running under
the MS-Windows operating system, any version, whereby a remote attacker
can include a system file by abusing the incorrectly filtered "include"
parameter.

This issue can be fixed by replacing line 770 of /user_portal.php with:

  if (!empty($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/', $_GET['include']))

More information to come... It is unlikely we will issue a proper patch
other than just the user_portal.php file, as it only affects Windows
servers and the change is a one-liner, and the next release of Dokeos
might be out sooner than expected due to several minor bugs that are
making Dokeos 1.8.5 slightly uncomfortable to use for the teacher in
very specific conditions (editing of documents with external resources
integrated through FCKeditor).
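
As an added illustration (not code from Dokeos or from this advisory), the PHP below applies the allowlist regex from the fix as one layer and adds a canonical-path containment check as a second; the base directory, function names and sample inputs are assumptions constructed for the example.

```php
<?php
// Added example, not Dokeos's own code: a hardened "include" parameter
// handler built around the allowlist regex from the fix above.
// Assumptions (constructed): included pages are plain .html files stored
// in INCLUDE_BASE; function names and sample values are illustrative.

define('INCLUDE_BASE', __DIR__ . DIRECTORY_SEPARATOR . 'home');

// Layer 1: the anchored allowlist. Because only [a-zA-Z0-9_-] and a fixed
// ".html" suffix are accepted, "/", "\" and ".." are rejected on every OS,
// so the check does not depend on which path separators Windows honours.
// The D modifier makes "$" match only at the very end (plain PCRE "$" also
// matches before a trailing newline).
function safe_include_name(string $name): ?string {
    if ($name === '' || !preg_match('/^[a-zA-Z0-9_-]*\.html$/D', $name)) {
        return null;
    }
    return $name;
}

// Layer 2: resolve the file and confirm the canonical path is still inside
// INCLUDE_BASE, so a later relaxation of the allowlist cannot reopen traversal.
function resolve_include(string $name): ?string {
    $safe = safe_include_name($name);
    if ($safe === null) {
        return null;
    }
    $base = realpath(INCLUDE_BASE);
    $path = realpath(INCLUDE_BASE . DIRECTORY_SEPARATOR . $safe);
    if ($base === false || $path === false) {
        return null;                         // base dir or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample inputs: only the first survives the allowlist.
$samples = [
    'welcome.html',
    '../../outside.html',      // traversal with forward slashes
    '..\\..\\outside.html',    // traversal with Windows separators
    "welcome.html\n",          // trailing newline, caught by the D modifier
    'C:\\outside.html',        // absolute Windows path
];
foreach ($samples as $s) {
    printf("%-24s => %s\n", addcslashes($s, "\n\\"),
        safe_include_name($s) === null ? 'rejected' : 'accepted');
}
```

Running the script prints one line per sample; only `welcome.html` is accepted, and `resolve_include()` additionally returns null for it unless the file actually exists under INCLUDE_BASE.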

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================
