=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN044
_____________________________________________________________________

DATE                      : 21/01/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running DotNetNuke versions 5.x.x
                              up to and including 5.6.0.

======================================================================
http://www.dotnetnuke.com/securitybulletinno46/tabid/2113/Default.aspx
______________________________________________________________________

Unauthenticated user can install/uninstall modules

Published: Jan 19, 2011

Version: 1.0

Maximum Severity Rating: Critical

Background

As DotNetNuke modules contain code which is ran on the server, to both
install and uninstall modules is a host (superuser) only operation.

Issue Summary

A poor design pattern in the validation code meant that it was possible
for potential hackers to access both the install and uninstall functions
via a user who did not have host permissions. Once accessed these
functions allowed for the uninstalling of modules, or installation of
modules. Whilst the modules would then fail to install fully due to user
file permissions, it was possible to access the failed installation and
hence run code.

Mitigating factors

Sites that have the viewstate encrypted are protected against accessing
failed user uploads.

Affected DotNetNuke versions

    * 5.0.0-5.6.0

Non-Affected Versions:

    * All other versions

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version
of DotNetNuke (5.6.1 at time of writing)

Acknowledgments

Daniël Niggebrugge of Fox-IT BV (www.fox-it.com)

Security Policy

Click here to read more details on the DotNetnuke Security Policy


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================