Reference: CERT-EU Security Advisory 2016-127

==================FOR INTERNAL USE ONLY=================

Short Summary
-------------
The Coder module for Drupal is prone to a remote code-execution vulnerability; fixes are available.

Drupal Coder Module Remote Code Execution Vulnerability

Bugtraq ID                 91747
CVE                        CVE-MAP-NOMATCH
Published                  Jul 13 2016
Last Update                07/13/2016 5:28:19 PM GMT
Remote                     Yes
Local                      No
Credibility                Vendor Confirmed
Classification             Input Validation Error
Ease                       No Exploit Available
Availability               Always
Authentication             Not Required

CVSS Version 2 Scores
CVSS2 Base                 10
CVSS2 Temporal             7.4
CVSS2 Base Vector          AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS2 Temporal Vector      E:U/RL:OF/RC:C

CVSS Version 1 Scores
CVSS1 Base                 10
CVSS1 Temporal             7.4

NVD CVSS2 BaseScore        7.5
NVD CVSS2 ComponentString  AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact                     10
Severity                   10
Urgency Rating             8.2
Last Change                Initial analysis.

Impact
------
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Technical Description
---------------------
Coder is a module for the Drupal content manager.

The Coder module for Drupal is prone to a remote code-execution vulnerability. Specifically, this issue occurs because it fails to properly sanitize user-supplied input in a script file that has the php extension. An attacker can exploit this issue by making requests directly to this file to execute arbitrary php code.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Coder module 7.x-1.x versions prior to 7.x-1.3 are vulnerable.
Coder module 7.x-2.x versions prior to 7.x-2.6 are vulnerable.

Attack Scenarios
----------------
1. An attacker locates a computer hosting the vulnerable application.
2. The attacker crafts a malicious PHP file sufficient to trigger this issue and sends it to the affected application.
3. When the application processes the file, the issue is triggered.

Solutions
---------
Updates are available. Please see the references or vendor advisory for more information.

Vulnerable Systems
------------------
Drupal Coder 7.x-2.0    cpe:/a:drupal:coder:7.x-2.0    SYMC
Drupal Coder 7.x-2.1    cpe:/a:drupal:coder:7.x-2.1    SYMC
Drupal Coder 7.x-2.2    cpe:/a:drupal:coder:7.x-2.2    SYMC
Drupal Coder 7.x-2.3    cpe:/a:drupal:coder:7.x-2.3    SYMC
Drupal Coder 7.x-2.4    cpe:/a:drupal:coder:7.x-2.4    SYMC
Drupal Coder 7.x-2.5    cpe:/a:drupal:coder:7.x-2.5    SYMC
Drupal Coder 7.x-1.0    cpe:/a:drupal:coder:7.x-1.0    SYMC
Drupal Coder 7.x-1.1    cpe:/a:drupal:coder:7.x-1.1    SYMC
Drupal Coder 7.x-1.2    cpe:/a:drupal:coder:7.x-1.2    SYMC

References
----------
Advisory: DRUPAL-SA-CONTRIB-2016-039: Arbitrary PHP code execution (Drupal)
    Drupal
    https://www.drupal.org/node/2765575
Web Page: Drupal Homepage (Drupal)
    Drupal
    http://drupal.org/
Web Page: Releases for Coder (Drupal)
    Drupal
    https://www.drupal.org/project/coder/releases/

===============================================================
This is an automatic alert service based on Symantec Deepsight.
It is intended only for the use of CERT-EU Constituency.
===============================================================

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
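
Added example (not part of the CERT-EU advisory and not Drupal or Coder project code): an inventory check that applies the affected-version ranges given under Technical Description to a Drupal document root. Because the advisory says the script file is requested directly, it looks at what is on disk. It assumes the module sits in a directory named `coder` and that its .info files carry the `version = "..."` line written by drupal.org packaging; the function names and the sample .info text are this example's own.

```python
import re
import sys
from pathlib import Path

# First fixed release on each branch, as stated in the advisory.
FIXED_MINOR = {1: 3, 2: 6}   # 7.x-1.3 and 7.x-2.6

# Constructed sample of a packaged .info file (not taken from a real site).
SAMPLE_INFO = 'name = Coder\ncore = 7.x\nversion = "7.x-2.5"\n'

def parse_version(info_text):
    """Return the value of the `version` key in a Drupal 7 .info file, or None."""
    m = re.search(r'^\s*version\s*=\s*"?([^"\r\n]+?)"?\s*$', info_text, re.M)
    return m.group(1) if m else None

def classify(version):
    """Map a Coder version string to 'vulnerable', 'fixed' or 'unknown'."""
    m = re.fullmatch(r'7\.x-(\d+)\.(\d+)', version or '')
    if not m or int(m.group(1)) not in FIXED_MINOR:
        # Dev snapshots (e.g. 7.x-2.x-dev), checkouts without a version
        # line and branches the advisory does not list need a manual look.
        return 'unknown'
    major, minor = int(m.group(1)), int(m.group(2))
    return 'vulnerable' if minor < FIXED_MINOR[major] else 'fixed'

def scan(docroot):
    """List (path, version, status) for every .info file under a `coder` dir."""
    root = Path(docroot)
    findings = []
    for info in sorted(root.rglob('*.info')):
        rel = info.relative_to(root)
        if 'coder' not in rel.parts[:-1]:
            continue  # not inside a directory named `coder`
        version = parse_version(info.read_text(errors='replace'))
        findings.append((rel.as_posix(), version, classify(version)))
    return findings

if __name__ == '__main__':
    if len(sys.argv) > 1:
        # Usage: python check_coder.py /path/to/drupal/docroot
        for path, version, status in scan(sys.argv[1]):
            print(f'{status:10} {version or "-":16} {path}')
    else:
        print(classify(parse_version(SAMPLE_INFO)))  # constructed sample
```

Entries reported as `unknown` are not cleared by this check and should be compared against the vendor release page by hand.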