Reference: CERT-EU Security Advisory 2016-127
==================FOR INTERNAL USE ONLY=================
Short Summary
- -------------
The Coder module for Drupal is prone to a remote code-execution
vulnerability; fixes are available.
Drupal Coder Module Remote Code Execution Vulnerability
Bugtraq ID 91747
CVE CVE-MAP-NOMATCH
Published Jul 13 2016
Last Update 07/13/2016 5:28:19 PM GMT
Remote Yes
Local No
Credibility Vendor Confirmed
Classification Input Validation Error
Ease No Exploit Available
Availability Always
Authentication Not Required
CVSS Version 2 Scores
CVSS2 Base 10
CVSS2 Temporal 7.4
CVSS2 Base Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS2 Temporal VectorE:U/RL:OF/RC:C
CVSS Version 1 Scores
CVSS1 Base 10
CVSS1 Temporal 7.4
NVD CVSS2 BaseScore 7.5
NVD CVSS2 ComponentStringAV:N/AC:L/Au:N/C:P/I:P/A:P
Impact 10 Severity 10 Urgency Rating 8.2
Last Change Initial analysis.
Impact
- ------
An attacker can exploit this issue to execute arbitrary code in the
context of the affected application. Failed exploit attempts may result
in a denial-of-service condition.
Technical Description
- ---------------------
Coder is a module for the Drupal content manager.
The Coder module for Drupal is prone to a remote code-execution
vulnerability. Specifically, this issue occurs because it fails to
properly sanitize user-supplied input in a script file that has the php
extension. An attacker can exploit this issue by making requests directly
to this file to execute arbitrary php code.
An attacker can exploit this issue to execute arbitrary code in the
context of the affected application. Failed exploit attempts may result
in a denial-of-service condition.
Coder module 7.x-1.x versions prior to 7.x-1.3 are vulnerable.
Coder module 7.x-2.x versions prior to 7.x-2.6 are vulnerable.
Attack Scenarios
- ----------------
1. An attacker locates a computer hosting the vulnerable application.
2. The attacker crafts a malicious PHP file sufficient to trigger this
issue and sends it to the affected application.
3. When the application processes the file, the issue is triggered.
Solutions
- ---------
Updates are available. Please see the references or vendor advisory for
more information.
Vulnerable Systems
- ------------------
Drupal Coder 7.x-2.0 cpe:/a:drupal:coder:7.x-2.0 SYMC
Drupal Coder 7.x-2.1 cpe:/a:drupal:coder:7.x-2.1 SYMC
Drupal Coder 7.x-2.2 cpe:/a:drupal:coder:7.x-2.2 SYMC
Drupal Coder 7.x-2.3 cpe:/a:drupal:coder:7.x-2.3 SYMC
Drupal Coder 7.x-2.4 cpe:/a:drupal:coder:7.x-2.4 SYMC
Drupal Coder 7.x-2.5 cpe:/a:drupal:coder:7.x-2.5 SYMC
Drupal Coder 7.x-1.0 cpe:/a:drupal:coder:7.x-1.0 SYMC
Drupal Coder 7.x-1.1 cpe:/a:drupal:coder:7.x-1.1 SYMC
Drupal Coder 7.x-1.2 cpe:/a:drupal:coder:7.x-1.2 SYMC
References
- ----------
Advisory:DRUPAL-SA-CONTRIB-2016-039: Arbitrary PHP code execution
(Drupal) Drupal
https://www.drupal.org/node/2765575
Web Page:Drupal Homepage (Drupal) Drupal
http://drupal.org/
Web Page:Releases for Coder (Drupal) Drupal
https://www.drupal.org/project/coder/releases/
===============================================================
This is an automatic alert service based on Symantec Deepsight.
It is intended only for the use of CERT-EU Constituency.
===============================================================
CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383