Dognædis Ref.: DGS-SEC-13
CVE Ref: CVE-2013-2284
Release Date: 2013/03/01
Discover Credits: CodeV - Code Analyzer
Bulletin Author(s): DMarcos - CodeV Team
Type: Path injection
Level: Very High (Low/High/Critical)
CVSS: 6.3 (Av:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerable Application: EyeOS development trunk
EyeOS invented the web desktop 6 years ago and it is today the leading Cloud Desktop worldwide. Headquartered in Barcelona, EyeOS is one of the biggest Open Source projects in Europe with more than 1 million downloads and communities across the globe.
IBM has selected EyeOS as its preferred Open Source Cloud platform in 2010 and signed a global partnership. Gartner named EyeOS Cool Vendor in IT Operations management in 2011. The company has closed its first funding round with Spanish VCs and Business Angels in June 2011 and has just launched in October 2011 its first commercial license, the EyeOS Professional Edition.
The referred vulnerabilies could be exploited through Path Injection attacks, aiming to search content from the server that is not accessible by the user. It could also be used to search content from files outside of the server document root. Despite existing some ".htaccess" files to avoid the direct calling of the referred files, the "AllowOverride" directive is, in most cases, set to "None" by default in the Apache configuration, making this protection uneffective.
The server may show content from files that are not supposed to be access by the user, representing a probable confidentiality breach. That can put integrity and server availability at risk.
The path should be validated against application and user boundaries.
At the moment, there is no official solution for the reported vulnerabilities.