Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
security [2010/04/05 23:19]
greg
security [2010/04/07 18:12] (current)
Line 1: Line 1:
 ===Security Vulnerabilities=== ===Security Vulnerabilities===
  
-==2010:0317 >> bypass and disabling Sahana security via stream module+==2010:0317 >> disabling Sahana security ACL via stream module ==
  
 Ability to completely disable authentication via stream.php and commented Ability to completely disable authentication via stream.php and commented
 out module authentication code within it. out module authentication code within it.
  
-http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl +http://sahana/index.php?mod=admin&act=acl_enable_acl Authenticates correctly. \\ 
-Authenticates correctly. +http://sahana/stream.php?mod=admin&act=acl_enable_acl Does not.
- +
-http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl +
-Does not. +
- +
  
 +The patch for this vulnerability disallow the streaming module from disabling the Sahana ACL.
  
 +Code Commits:\\
 +trunk >> http://bazaar.launchpad.net/~sahana-php/s3/php-cvs-trunk/revision/4531 \\
 +rel_0_6 >> http://bazaar.launchpad.net/~sahana-php/s3/php-cvs-stable/revision/3798 \\
 +\\
 +\\
 +\\
 +\\
 +\\
 ==2009:1210 >> mod variable exploits in lib_locale == ==2009:1210 >> mod variable exploits in lib_locale ==
  
Line 31: Line 35:
 rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.23.2.4&r2=1.23.2.5 \\ rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.23.2.4&r2=1.23.2.5 \\
 trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.29&r2=1.30 \\ trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.29&r2=1.30 \\
- +\\ 
- +\\ 
 +\\ 
 +\\ 
 +\\
 ==2009:1029-2 >> MPR Module Exploits== ==2009:1029-2 >> MPR Module Exploits==
  
Line 50: Line 56:
 rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.17.24.8&view=markup \\ rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.17.24.8&view=markup \\
 trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.31&view=markup \\ trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.31&view=markup \\
- +\\ 
- +\\ 
 +\\ 
 +\\ 
 +\\
 ==2009:1029-1 >> Session Fixation Exploit== ==2009:1029-1 >> Session Fixation Exploit==
  
Line 67: Line 75:
 rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.12.4.1&view=markup\\ rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.12.4.1&view=markup\\
 trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.16&view=markup\\ trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.16&view=markup\\
- +\\ 
 +\\ 
 +\\ 
 +\\ 
 +\\
 ==2009:1019 >> Null character URL Exploit== ==2009:1019 >> Null character URL Exploit==
  

Navigation
QR Code
QR Code security (generated for current page)