Reference: CERT-EU Security Advisory 2016-127

==================FOR INTERNAL USE ONLY=================


Short Summary
- -------------
The Coder module for Drupal is prone to a remote code-execution 
vulnerability; fixes are available.

Drupal Coder Module Remote Code Execution Vulnerability

Bugtraq ID          91747
CVE                 CVE-MAP-NOMATCH
Published           Jul 13 2016
Last Update         07/13/2016 5:28:19 PM GMT
Remote              Yes
Local               No
Credibility         Vendor Confirmed
Classification      Input Validation Error
Ease                No Exploit Available
Availability        Always
Authentication      Not Required

CVSS Version 2 Scores
CVSS2 Base          10
CVSS2 Temporal      7.4
CVSS2 Base Vector   AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS2 Temporal VectorE:U/RL:OF/RC:C

CVSS Version 1 Scores
CVSS1 Base          10
CVSS1 Temporal      7.4

NVD CVSS2 BaseScore 7.5
NVD CVSS2 ComponentStringAV:N/AC:L/Au:N/C:P/I:P/A:P

Impact    10        Severity  10        Urgency Rating 8.2

Last Change         Initial analysis.

Impact
- ------
An attacker can exploit this issue to  execute arbitrary code in the 
context of the affected application. Failed  exploit attempts may result 
in a denial-of-service condition.

Technical Description
- ---------------------
Coder is a module for the Drupal content manager.             
                                              
The Coder  module for Drupal is prone to a remote code-execution 
vulnerability. Specifically, this issue occurs because it fails to 
properly sanitize user-supplied input in a script file that has the php 
extension. An attacker can exploit this issue by making requests directly 
to this file to execute arbitrary php code.  
        
An attacker can exploit this issue to execute arbitrary code in the  
context of the affected application. Failed exploit attempts may result  
in a denial-of-service condition.        
        
Coder module 7.x-1.x versions prior to 7.x-1.3 are vulnerable.  
Coder module 7.x-2.x versions prior to 7.x-2.6 are vulnerable.

Attack Scenarios
- ----------------
1. An attacker locates a computer hosting the vulnerable application.     
                                          
2. The attacker crafts a malicious PHP file sufficient to trigger this 
issue and sends it to the affected application.                 
                                          
3. When the application processes the file, the issue is triggered.

Solutions
- ---------
Updates are available. Please see the references or vendor advisory for 
more information.


Vulnerable Systems
- ------------------
Drupal Coder 7.x-2.0 cpe:/a:drupal:coder:7.x-2.0 SYMC
Drupal Coder 7.x-2.1 cpe:/a:drupal:coder:7.x-2.1 SYMC
Drupal Coder 7.x-2.2 cpe:/a:drupal:coder:7.x-2.2 SYMC
Drupal Coder 7.x-2.3 cpe:/a:drupal:coder:7.x-2.3 SYMC
Drupal Coder 7.x-2.4 cpe:/a:drupal:coder:7.x-2.4 SYMC
Drupal Coder 7.x-2.5 cpe:/a:drupal:coder:7.x-2.5 SYMC
Drupal Coder 7.x-1.0 cpe:/a:drupal:coder:7.x-1.0 SYMC
Drupal Coder 7.x-1.1 cpe:/a:drupal:coder:7.x-1.1 SYMC
Drupal Coder 7.x-1.2 cpe:/a:drupal:coder:7.x-1.2 SYMC


References
- ----------
Advisory:DRUPAL-SA-CONTRIB-2016-039: Arbitrary PHP code execution 
(Drupal) Drupal
https://www.drupal.org/node/2765575

Web Page:Drupal Homepage (Drupal) Drupal
http://drupal.org/

Web Page:Releases for Coder (Drupal) Drupal
https://www.drupal.org/project/coder/releases/


===============================================================
This is an automatic alert service based on Symantec Deepsight.
It is intended only for the use of CERT-EU Constituency.
===============================================================

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383