Plone Zope SAXutils Command Execution

Added: 01/13/2012
CVE: CVE-2011-3587
BID: 49857
OSVDB: 76105

Background

Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites.

Problem

Plone fails to properly sanitize user-supplied input passed to cmd parameter in p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2. This can be exploited to execute arbitrary shell commands.

Resolution

Upgrade to Plone 2.12.20 or 2.13.10 or apply patch Products.Zope_Hotfix_CVE_2011_3587.

References

http://plone.org/products/plone/security/advisories/20110928

Limitations

This exploit has been tested against Plone 4.1 on Fedora 13 Linux and Plone 4.0.9 on Ubuntu 10.04 LTS.

Platforms

Windows
Linux
Mac OS X

Back to exploit index