Signature Detail

APP: FCKeditor Arbitrary File Upload Code Execution

This signature detects attempts to exploit a known flaw in FCKeditor. FCKeditor is a web based open source HTML text editor. A successful attack could result in arbitrary code execution.

Extended Description

FCKeditor is prone to a vulnerability that lets attackers upload arbitrary files it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Versions prior to FCKeditor 2.6.4.1 are vulnerable.

Affected Products

• Adobe ColdFusion 8.0
• Adobe ColdFusion 8.0.1
• Alexscriptengine Article-Engine 1.3.0
• Alexscriptengine News-Engine 1.5.1
• Clansphere 2008
• Clansphere 2008.2.1
• Clansphere 2009.0
• Clansphere 2009.0.1
• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Dokeos 1.8.5
• Dokeos 1.8.6
• Falt4 CMS Falt4 Extreme RC4
• FCKeditor 2.0.0 rc2
• FCKeditor 2.0.0 rc3
• FCKeditor 2.2
• FCKeditor 2.3 beta
• FCKeditor 2.4.3
• FCKeditor 2.6.4
• Knowledgeroot Knowledgebase 0.9.9.5
• Nakid Nakid CMS 0.5.2
• PHPList 2.10.1
• PHPList 2.10.2
• PHPList 2.10.3
• PHPList 2.10.4
• PHPList 2.10.5
• PHPList 2.10.6
• PHP-Nuke 8.2
• Red Hat Fedora 10
• Red Hat Fedora 11
• Tru-Zone NukeET 3.4
• xtcModified eCommerce Shopsoftware xtcModified 1.04
• Zope Zope.html 1.1.0

References

• BugTraq: 31812
• CVE: CVE-2009-2265
• URL: http://www.securityfocus.com/archive/1/archive/1/504721/100/0/threaded