Security Hole found in CPAINT v1.x

To All Users of CPAINT:

The developers of CPAINT have discovered a bug that could allow someone with malicious intent to execute commands or read files (including those containing passwords) on the server. This bug affects all existing versions of CPAINT - both the ASP and PHP implementations.

NOTE: This also affects any software that was built with the CPAINT toolkit. You should contact the author and ask them to upgrade to CPAINT v1.3-SP or attempt to patch the files yourself.

We have identified the cause of the bug and have released a patch containing a blacklist of functions that may not be executed. You can modify this blacklist to add any additional statements or functions that we may have missed, although we believe the blacklist to be complete.

This bug also affects CPAINT v2.0.0 code that exists in the CVS repository on SourceForge.Net. This patch does NOT fix v2.0.0, as we are architecting a better solution for that version, since it has not been officially released.

We have released the patched version as v1.3-SP and it is available for download at http://sourceforge.net/project/showfiles.php?group_id=141041&package_id=154713&release_id=349396

WE HIGHLY RECOMMEND THAT EVERYONE RUNNING ANY VERSION OF CPAINT IMMEDIATELY UPGRADE TO THIS PATCHED VERSION FOR SECURITY PURPOSES!

You do not need to make modifications to your existing code; simply download, uncompress, and overwrite the cpaint.inc.asp and cpaint.inc.php files that currently exist on your server.

The developers sincerely apologize for this bug and have worked quickly to patch the CPAINT code. We hope that this discovery has not caused you any inconvenience. We will be releasing v2.0.0 very soon, which will add greater security and functionality than the v1.x releases.

Sincerely,

the CPAINT development team
http://cpaint.sourceforge.net/

Posted by Paige Sullivan 2005-08-15
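
The announcement describes the v1.3-SP fix as a blacklist of functions that may not be executed, and notes that entries may have been missed. As an added example (not CPAINT's code and not the patch itself), the PHP 7.4+ sketch below contrasts that kind of check with an explicit registry of exposed functions. It assumes the backend invokes a function whose name arrives in the request; `dispatch_denylist`, `RemoteFunctions`, and the list entries are hypothetical names constructed for this illustration.

```php
<?php
// Added illustration, not CPAINT source. All names and list entries are constructed.

// Denylist check: anything NOT listed remains callable, so the list must be complete.
const DENIED_FUNCTIONS = ['system', 'exec', 'passthru', 'shell_exec'];

function dispatch_denylist(string $name, array $args)
{
    if (in_array(strtolower($name), DENIED_FUNCTIONS, true)) {
        throw new RuntimeException('function not permitted');
    }
    if (!function_exists($name)) {
        throw new RuntimeException('no such function');
    }
    return call_user_func_array($name, array_values($args));
}

// Registry (allowlist): only handlers the application registered are reachable.
final class RemoteFunctions
{
    private array $handlers = [];

    public function register(string $publicName, callable $handler): void
    {
        $this->handlers[$publicName] = $handler;
    }

    public function call(string $publicName, array $args)
    {
        if (!array_key_exists($publicName, $this->handlers)) {
            throw new RuntimeException('unknown remote function');
        }
        return ($this->handlers[$publicName])(...array_values($args));
    }
}

$api = new RemoteFunctions();
$api->register('add', fn(int $a, int $b): int => $a + $b);

// A built-in the application never meant to expose passes the denylist check.
echo dispatch_denylist('strrev', ['abc']), "\n";

// The registry serves the registered handler and rejects everything else.
echo $api->call('add', [2, 3]), "\n";
try {
    $api->call('strrev', ['abc']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```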