Differences
This shows you the differences between two versions of the page.
security [2010/04/05 23:19] greg |
security [2010/04/07 18:12] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
===Security Vulnerabilities=== | ===Security Vulnerabilities=== | ||
- | ==2010:0317 >> | + | ==2010:0317 >> disabling Sahana security |
Ability to completely disable authentication via stream.php and commented | Ability to completely disable authentication via stream.php and commented | ||
out module authentication code within it. | out module authentication code within it. | ||
- | http://victim/< | + | http://sahana/ |
- | Authenticates correctly. | + | http://sahana/ |
- | + | ||
- | http://victim/< | + | |
- | Does not. | + | |
- | + | ||
+ | The patch for this vulnerability disallow the streaming module from disabling the Sahana ACL. | ||
+ | Code Commits:\\ | ||
+ | trunk >> http:// | ||
+ | rel_0_6 >> http:// | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009:1210 >> mod variable exploits in lib_locale == | ==2009:1210 >> mod variable exploits in lib_locale == | ||
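Review bot: the new revision drops the "Authenticates correctly." and "Does not." annotations under the two example URLs, so the added http://sahana/ lines no longer say which request is authenticated and which one is not; keep a one-line label under each URL. In the added sentence, "disallow" should read "disallows", and this entry lists trunk before rel_0_6 while the other entries on the page list rel_0_6 first.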
Line 31: | Line 35: | ||
rel_0_6 >> http:// | rel_0_6 >> http:// | ||
trunk >> http:// | trunk >> http:// | ||
- | + | \\ | |
- | + | \\ | |
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009: | ==2009: | ||
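Review bot: the blank lines before the next heading are replaced with five consecutive \\ forced line breaks that serve only as vertical spacing, and the same run is repeated in every section this revision touches. A single blank line before the heading, with spacing left to the wiki template or stylesheet, would keep the page source readable and avoid repeating the run for each new entry.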
Line 50: | Line 56: | ||
rel_0_6 >> http:// | rel_0_6 >> http:// | ||
trunk >> http:// | trunk >> http:// | ||
- | + | \\ | |
- | + | \\ | |
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009: | ==2009: | ||
Line 67: | Line 75: | ||
rel_0_6 >> http:// | rel_0_6 >> http:// | ||
trunk >> http:// | trunk >> http:// | ||
- | + | \\ | |
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009:1019 >> Null character URL Exploit== | ==2009:1019 >> Null character URL Exploit== | ||