Description

Introduction to Components

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from the application logic (PHP). This is important in collaborative projects or where the application programmer and the template designer are not the same person.

Summary

The Sangfor Security Team has verified the Smarty sandbox escape vulnerability CVE-2021-26119, classified as critical.

CVE-2021-26119 allows a sandbox escape because the special variable $smarty.template_object can be accessed in sandbox mode. The vulnerability lies in the template files that the engine compiles and generates using the Smarty_Internal_Runtime_TplFunction template. An attacker with permission to supply template content can exploit it to construct malicious data and ultimately achieve remote code execution.

Reproduction

CVE-2021-26119

The Sangfor Security Team set up an environment running Smarty 3.1.38 and successfully reproduced this vulnerability as follows:

Impact

Smarty is a well-known template engine written in PHP. There are tens of thousands of unique visitors on the Smarty website daily.

Affected Versions:

Smarty 3.1.38 and earlier versions
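As an added example (not part of the Sangfor advisory or of the Smarty project), the following Python script shows how a defender can audit a deployment against the two facts stated above: it reads the SMARTY_VERSION constant from a copy of Smarty.class.php (the constant's location and spelling are assumed from Smarty 3's source; adjust the pattern if your copy differs) and flags anything at or below 3.1.38, and it scans template sources for references to $smarty.template_object, the special variable the advisory says is reachable in sandbox mode. The file contents embedded below are constructed for the demo.

```python
"""Offline audit for CVE-2021-26119 exposure (added example, not vendor code):
1. parse the Smarty version from Smarty.class.php and compare with 3.1.38,
2. report template lines that reference $smarty.template_object."""
import re
from typing import Dict, List, Tuple

# Last affected release named in the advisory.
LAST_AFFECTED = (3, 1, 38)

# Assumed form of the constant in Smarty 3's Smarty.class.php, e.g.
#     const SMARTY_VERSION = '3.1.38';
VERSION_RE = re.compile(r"""const\s+SMARTY_VERSION\s*=\s*["']([0-9][^"']*)["']""")

# Matches $smarty.template_object inside template text; case-insensitive and
# whitespace-tolerant on purpose, since this is a detection, not a parser.
TPL_OBJ_RE = re.compile(r"\$smarty\s*\.\s*template_object\b", re.IGNORECASE)


def parse_version(smarty_class_src: str) -> Tuple[int, ...]:
    """Return the numeric (major, minor, patch) tuple from Smarty.class.php text."""
    m = VERSION_RE.search(smarty_class_src)
    if not m:
        raise ValueError("SMARTY_VERSION constant not found")
    parts = re.findall(r"\d+", m.group(1))
    return tuple(int(p) for p in parts[:3])


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when the version is 3.1.38 or earlier (the advisory's affected range)."""
    return tuple(version) <= LAST_AFFECTED


def find_template_object_refs(template_src: str) -> List[Tuple[int, str]]:
    """Return (line_number, stripped_line) for every line referencing the variable."""
    hits = []
    for n, line in enumerate(template_src.splitlines(), start=1):
        if TPL_OBJ_RE.search(line):
            hits.append((n, line.strip()))
    return hits


def audit(smarty_class_src: str, templates: Dict[str, str]) -> dict:
    """Combine the version check and the template scan into one report."""
    version = parse_version(smarty_class_src)
    report = {"version": version, "affected": is_affected(version), "findings": {}}
    for name, src in templates.items():
        hits = find_template_object_refs(src)
        if hits:
            report["findings"][name] = hits
    return report


# Constructed sample inputs for the demo (not real project files).
SAMPLE_SMARTY_CLASS = """<?php
class Smarty extends Smarty_Internal_TemplateBase
{
    /**
     * smarty version
     */
    const SMARTY_VERSION = '3.1.38';
}
"""

SAMPLE_TEMPLATES = {
    "safe.tpl": "<h1>{$title|escape}</h1>\n<p>{$smarty.now|date_format}</p>\n",
    "suspicious.tpl": "<p>Hello {$name}</p>\n{$smarty.template_object}\n",
}

if __name__ == "__main__":
    r = audit(SAMPLE_SMARTY_CLASS, SAMPLE_TEMPLATES)
    ver = ".".join(str(x) for x in r["version"])
    status = "AFFECTED" if r["affected"] else "not affected"
    print(f"Smarty {ver}: {status} by CVE-2021-26119")
    for name, hits in r["findings"].items():
        for n, line in hits:
            print(f"{name}:{n}: {line}")
```

In a real deployment, point `audit()` at the installed Smarty.class.php and at every template directory that accepts user-supplied or third-party templates; a hit in the scan is a review item, not proof of compromise, but on an affected version it is exactly the content that sandbox mode was supposed to keep out.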

Timeline

Feb 18, 2021 Sangfor FarSight Labs detected that Smarty released a security patch.
Feb 25, 2021 Sangfor FarSight Labs reproduced this vulnerability successfully and released solutions.

Learn More

Sangfor FarSight Labs researches the latest and unknown zero-day vulnerabilities and threats, alerting customers to vulnerabilities that can pose threats to their organizations, and providing solutions as soon as possible with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats so our customers can be protected from them as quickly as possible.

Remediation Solution

Smarty has released a new version to fix this vulnerability. Please download it from the following link: https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md

Sangfor Solution

  1. For Sangfor NGAF customers, click Update on Security Capability Update.
  2. Sangfor Cloud WAF has automatically updated its database in the cloud. Users are already protected from this vulnerability without any additional operation required.
  3. Sangfor Cyber Command detects attacks which exploit this vulnerability and can alert users in real time. Users can integrate Cyber Command with NGAF to block an attacker's IP address.
  4. Sangfor SOC has Sangfor security specialists available 24/7 to help you resolve any security issues. After a rule update is released, Sangfor security experts check and update the customer's vulnerability detection equipment and perform a vulnerability scan of the customer's network environment to ensure that the customer's hosts are free from this vulnerability. For users with vulnerable hosts, the SOC regularly reviews and updates device policies to ensure protection against this vulnerability.


