fix: [security] Fixed an RCE vulnerability with user-controlled entries being fed to file_exists

- phar protocol paths for php file instructions can lead to RCE via meta-data deserialization
- mitigated by the functionalities enabling this being only accessible to site admins

- Reported by Dawid Czarnecki
pull/4769/head
iglocska 2019-06-16 19:11:35 +02:00
parent 5d611c39ff
commit c42c5fe927
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 6 additions and 0 deletions


@ -3076,6 +3076,9 @@ class Server extends AppModel
public function testForBinExec($value)
{
if (substr($value, 0, 7) === "phar://") {
return 'Phar protocol not allowed.';
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if ($value === '') {
return true;
@ -3094,6 +3097,9 @@ class Server extends AppModel
public function testForWritableDir($value)
{
if (substr($value, 0, 7) === "phar://") {
return 'Phar protocol not allowed.';
}
if (!is_dir($value)) {
return 'Not a valid directory.';
}