TITLE:
Django Two Vulnerabilities
SECUNIA ADVISORY ID:
SA23826
VERIFY ADVISORY:
http://secunia.com/advisories/23826/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, System access
WHERE:
>From remote
SOFTWARE:
Django 0.x
http://secunia.com/product/13287/
DESCRIPTION:
Some vulnerabilities have been reported in Django, which can be
exploited by malicious users to bypass certain security restrictions
or malicious people to compromise a vulnerable system.
1) The bin/compile-messages.py script does not correctly escape the
filename of .po message files. This can be exploited to execute
arbitrary shell commands via a maliciously named .po file.
2) The authentication middleware incorrectly caches the
"request.user" parameter between requests, which could be exploited
to e.g. access pages as another user.
The vulnerabilities are reported in version 0.95. Other versions may
also be affected.
SOLUTION:
Fixed in the SVN repository.
http://code.djangoproject.com/changeset/3592
http://code.djangoproject.com/changeset/3754
PROVIDED AND/OR DISCOVERED BY:
1) Disclosed in an SVN commit.
2) jkocherhans
ORIGINAL ADVISORY:
http://code.djangoproject.com/ticket/2702
http://code.djangoproject.com/changeset/3592
http://code.djangoproject.com/changeset/3754
OTHER REFERENCES:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407521
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.