MS-ISAC CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Multiple Vulnerabilities in Joomla Could Allow for Arbitrary File Upload
Multiple vulnerabilities have been discovered in Joomla, the most severe of which could allow for arbitrary file upload that may lead to arbitrary code execution. Joomla is an open source content management system for websites. Successful exploitation of these vulnerabilities could allow an attacker to upload arbitrary files to the affected computer that may result in arbitrary code execution, elevation of privilege, or information disclosure.
There are currently no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
· Joomla versions 1.6.0 through 3.6.4
RISK:
· Large and medium government entities: High
· Small government entities: Medium
· Large and medium business entities: High
· Small business entities: Medium
· Home users: Low
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Joomla! Core, the most severe of which could allow for arbitrary file upload that may lead to arbitrary code execution. Details of the vulnerabilities are as follows:
· One Arbitrary File Upload vulnerability exists due to inadequate filesystem checks, which allow files with alternative PHP file extensions (names other than the literal .php that a web server may still hand to the PHP interpreter) to be uploaded. (CVE-2016-9836)
· One Information Disclosure vulnerability exists due to inadequate ACL checks in the Beez3 com_content article layout override, which allow a user to view restricted content. (CVE-2016-9837)
· One Elevation of Privilege vulnerability exists due to incorrect use of unfiltered data stored to the session on a form validation failure, which allows existing user accounts to be modified, including resetting their username, password, and user group assignments. (CVE-2016-9838)
Successful exploitation of the file upload vulnerability could allow an attacker to place a file on the affected server that the web server executes as code, giving the attacker code execution with the privileges of the web server process. The remaining vulnerabilities could allow elevation of privilege (modification of existing user accounts, including their group assignments) or disclosure of restricted content.
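The following is an added illustration of the class of filesystem check the advisory describes as inadequate, beside a hardened version; it is example code written for this page, not Joomla!'s own upload code or its fix. The set of PHP handler extensions, the image allowlist, the magic-byte table, and the sample filenames and contents are all assumptions constructed for the example. The weak check refuses only the literal .php extension, so names such as shell.phtml or shell.php5 pass it; the hardened check allowlists the extension, refuses double extensions (which Apache's mod_mime evaluates segment by segment), rejects path components, and confirms that the bytes look like the claimed image type and contain no PHP open tag.

```python
import os
import re

# Extensions that PHP handlers are commonly configured to execute.  Assumed list
# for this example: the authoritative set is whatever your web server's
# AddHandler/AddType/location rules actually map to PHP.
PHP_HANDLER_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phps", "phar"}

# Extensions the upload feature is meant to accept (assumed allowlist).
ALLOWED_IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of those formats, used to confirm the content matches the name.
IMAGE_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# PHP open tags: "<?php", "<?=" and the short "<?" followed by whitespace.
PHP_OPEN_TAG = re.compile(rb"<\?(php|=|\s)", re.IGNORECASE)


def weak_is_safe(filename: str) -> bool:
    """A check of the kind the advisory calls inadequate: it refuses only the
    literal ".php" extension, so "shell.phtml" or "shell.php5" are accepted."""
    return os.path.splitext(filename)[1].lower() != ".php"


def has_php_extension(filename: str) -> bool:
    """True if any dot-separated segment after the stem is a PHP handler extension.
    Every segment is checked because mod_mime evaluates all of them, so
    "shell.php.jpg" can still reach PHP on some Apache configurations."""
    segments = filename.lower().split(".")[1:]
    return any(seg in PHP_HANDLER_EXTENSIONS for seg in segments)


def hardened_is_safe(filename: str, content: bytes) -> bool:
    """Allowlist the name, require exactly one extension, and check the bytes."""
    base = os.path.basename(filename)
    if base != filename or base in ("", ".", ".."):
        return False                 # path separators or degenerate names
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False                 # no extension, double extension, or empty stem
    ext = parts[1]
    if ext not in ALLOWED_IMAGE_EXTENSIONS:
        return False                 # allowlist: phtml/php5/phar never get this far
    if PHP_OPEN_TAG.search(content):
        return False                 # image-named file carrying PHP source
    return content.startswith(IMAGE_MAGIC[ext])


def compare_checks(samples):
    """Return {filename: (weak, denylist, hardened)} verdicts, True meaning accept."""
    return {
        name: (weak_is_safe(name), not has_php_extension(name), hardened_is_safe(name, data))
        for name, data in samples.items()
    }


# Constructed sample uploads (not real files): a JPEG header, PHP source under
# alternative extensions, a double extension, PHP source behind an image name,
# and a name carrying a path component.
SAMPLE_UPLOADS = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "shell.php": b"<?php echo 'test'; ?>",
    "shell.phtml": b"<?php echo 'test'; ?>",
    "shell.php5": b"<?php echo 'test'; ?>",
    "shell.php.jpg": b"\xff\xd8\xff\xe0" + b"<?php echo 'test'; ?>",
    "notes.jpg": b"<?php echo 'test'; ?>",
    "../escape.jpg": b"\xff\xd8\xff\xe0",
}

if __name__ == "__main__":
    for name, (weak, deny, hard) in compare_checks(SAMPLE_UPLOADS).items():
        verdict = lambda ok: "accept" if ok else "reject"
        print(f"{name:14} weak={verdict(weak):6} denylist={verdict(deny):6} hardened={verdict(hard)}")
```

Running the block shows that the weak check accepts every sample except shell.php, the segment-wise denylist closes the alternative-extension and double-extension cases but still accepts PHP source named notes.jpg, and only the hardened check rejects all of the hostile samples while keeping the genuine JPEG.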
RECOMMENDATIONS:
We recommend the following actions be taken:
· Apply appropriate patches provided by Joomla! (these issues are fixed in Joomla! 3.6.5 and later) to vulnerable systems immediately after appropriate testing.
· Before applying the patch, verify that no unauthorized modifications have occurred on the system, in particular unexpected PHP or web server configuration files in upload directories and unexpected changes to user accounts or group assignments.
· Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
· Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
· Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
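As an added example of the verification step, the script below walks an upload directory and reports files that should not be there: anything carrying a PHP handler extension in any name segment, anything whose leading bytes contain a PHP open tag regardless of its name, and per-directory server configuration files that an attacker could use to change how the web server treats the files around them. It is example code written for this page, not part of Joomla! or of the advisory; the extension set, the configuration file names, and the miniature images/ tree it builds in a temporary directory are all constructed assumptions.

```python
import os
import re
import tempfile

# Extensions commonly mapped to PHP by web server handlers (assumed set).
PHP_HANDLER_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phps", "phar"}

# PHP open tags: "<?php", "<?=" and the short "<?" followed by whitespace.
PHP_OPEN_TAG = re.compile(rb"<\?(php|=|\s)", re.IGNORECASE)

# Per-directory server configuration files that have no business in an upload
# tree, since they can change how neighbouring files are served (assumed set).
SERVER_CONFIG_NAMES = {".htaccess", ".user.ini", "web.config"}


def suspicious_reasons(name: str, head: bytes) -> list:
    """Return the reasons (possibly none) a file with this name and leading bytes is suspect."""
    reasons = []
    lowered = name.lower()
    if lowered in SERVER_CONFIG_NAMES:
        reasons.append("server configuration file in upload tree")
    if any(seg in PHP_HANDLER_EXTENSIONS for seg in lowered.split(".")[1:]):
        reasons.append("PHP handler extension")
    if PHP_OPEN_TAG.search(head):
        reasons.append("PHP open tag in content")
    return reasons


def scan_upload_dir(root: str, head_bytes: int = 65536) -> list:
    """Walk an upload directory; return sorted (relative_path, reasons) findings."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                head = fh.read(head_bytes)   # leading bytes are enough for the tag check
            reasons = suspicious_reasons(name, head)
            if reasons:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, reasons))
    return sorted(findings, key=lambda finding: finding[0])


def build_sample_tree() -> str:
    """Create a constructed, miniature Joomla-style images/ tree in a temp directory.
    The files are sample data for the example, not real uploads."""
    root = tempfile.mkdtemp(prefix="joomla-images-")
    samples = {
        "banners/banner.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,          # genuine JPEG header
        "stories/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,           # genuine PNG header
        "stories/photo.phtml": b"<?php echo 'test'; ?>",                   # alternative extension
        "stories/photo.php.jpg": b"\xff\xd8\xff\xe0" + b"<?php echo 'test'; ?>",  # double extension
        "stories/.htaccess": b"# constructed sample; a config file does not belong here\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reasons in scan_upload_dir(build_sample_tree()):
        print(f"{rel}: {', '.join(reasons)}")
```

Point scan_upload_dir at the real upload root (for a Joomla! site, the images directory and any other writable media path) rather than at the constructed tree; a clean scan does not prove the absence of compromise, but any finding is a reason to investigate before trusting the patched system.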