-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
pfSense-SA-15_09.webgui                                     Security Advisory
                                                                      pfSense

Topic:          Local File Inclusion Vulnerability in the pfSense WebGUI

Category:       pfSense Base System
Module:         webgui
Announced:      2015-12-21
Credits:        Rio Sherri
Affects:        pfSense <= 2.2.5
Corrected:      2015-12-04 (pfsense/master, pfSense 2.3)
                2015-12-04 (pfsense/RELENG_2_2, pfSense 2.2.6)

0.   Revision History

v1.0  2015-12-21 Initial release

I.   Background

The pfSense® system is a free network firewall distribution based on the
FreeBSD operating system.  The pfSense system includes third-party free software
packages for additional functionality, and provides most of the functionality
of common commercial firewalls.

The majority of users of pfSense software have never installed or used a stock
FreeBSD system.  Unlike similar GNU/Linux-based firewall distributions, there
is no need for any UNIX knowledge.  The command line is never used, and there
is no need to ever manually edit any rule sets. Instead, pfSense software
includes a web interface for the configuration of all included components.
Users familiar with commercial firewalls will quickly understand the web
interface, while those unfamiliar with commercial-grade firewalls may encounter
a short learning curve.

II.  Problem Description

A local file inclusion vulnerabililty was found in the pfSense WebGUI.

III. Impact

A user with limited administrative rights having privileges to write files 
to the filesystem, and access to pkg.php or wizard.php pages, can escalate 
their privileges to that of a full administrator. 

IV.  Workaround

Upgrade to pfSense 2.2.6 or later which includes fixes for these issues.

To mitigate the problem on older releases, use one or more of the following:
* Limit access to the affected pages to trusted administrators only.

V.   Solution

Upgrade to pfSense 2.2.6. This may be performed in the web interface or from
the console.

   See https://doc.pfsense.org/index.php/Upgrade_Guide

VI.  Correction details

The following list contains the correction revision numbers for each
affected item.

Branch/path                                                      Revision
- - -------------------------------------------------------------------------
pfSense/master			   44bcf766b9ddd4fd0a3327deb2213f9666aa6f4a
pfSense/RELENG_2_2                 3ac0284805ce357552c3ccaeff0a9aadd0c6ea13
- - -------------------------------------------------------------------------

VII. References

None.

The latest revision of this advisory is available at
<URL:https://pfsense.org/security/advisories/pfSense-SA-15_09.webgui.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWeHGyAAoJEBO5h/2SFPjaipsQAJ9NZY7ioJWAvjbz4Yf/fEEN
1uzizcOuBqNgfnSN/L88TRvNbqZsRVe1EbLKAnqWoe67XAveRweoIvQSNDt1YgHn
EywMc3lRE4Qq3gY7F/AB3jOtzN4n37/NCCTJClWfW/o4MQnK0qAdOX9fsLDgFMii
laiuxknZPubCN2UqcihpIQBpp7Nb7mZsq0rhgh6brZ69DLFBJWwvwsyGhFWwhQoO
sQwPk4qeIte4nmn7h6hNqjnZNt1h6Tfc1lkCq+0GDC0l/gzeEdDkYYkMxvRh+tPR
cwRW6lDc8V3eWkcJCeN3c/GRxZQ2srKp95oSjSB5dZ7f7qVDpICyw9zRrRmgnNKm
13TFTe6+l792nrExhUUkpP6YYaarthvjt16kfMfp6jVlfw6jG8MInaTt47VkfFc3
HrS02sS3nB5o1R4GEbmll7zV+dJsOjlLihqBhqQcBlJs9weAs5IrrZ/+cn/On3HF
Qb2ypr5NvhJNvwBTGwC2aafnOGmMVMyzK8vn0Jk16oRDQZ29z9Zm40+Qk4zKfT9z
qQmWeev/3aIU02jdBsiLhnRlLVcTPjCGjo/vB6JKN3B9UD1cLy+rA9/+yhaMR0gu
vgBEO9LvQ/3P/h5Vhh4vD4MXJcTbR9v2FmBI2LDOlvHWgGnomMcp/Y7fCouxO/W3
u0fvx4lBTZJEEVKJsaQP
=SwIh
-----END PGP SIGNATURE-----