lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <48EB9545.2040901@beccati.com>
Date: Tue, 07 Oct 2008 18:58:45 +0200
From: Matteo Beccati <php@...cati.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability

========================================================================
OpenX security advisory                                OPENX-SA-2008-002
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2008-002
Date:                  2008-Oct-06
Security risk:         Moderately critical
Applications affetced: OpenX
Versions affected:     <= 2.4.8, <= 2.6.1
Versions not affected: >= 2.4.9, >= 2.6.2
========================================================================


========================================================================
Vulnerability:  Blind SQL injection in ac.php
========================================================================

Description
-----------
A blind SQL injection vulnerability has recently been found by
d00m3r4ng. The vulnerability affects the OpenX delivery engine, which
does not require any kind of authentication.

Input passed to the "bannerid" parameter in www/delivery/ac.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution
--------
 - Upgrade to OpenX 2.4.9 or 2.6.2

References
----------
 - http://www.milw0rm.com/exploits/6655
 - http://secunia.com/advisories/32114/

Timeline
--------
2008-Oct-02: the vulnerability was posted to the aforementioned
            security related website
2008-Oct-03: an OpenX user reported the link to our forums
2008-Oct-03: a quick patch for 2.6.x was released to mitigate the
            impact of exploits using the disclosed information
2008-Oct-04: a quick patch for 2.4.x was released to mitigate the
            impact of exploits using the disclosed information
2008-Oct-06: OpenX 2.6.2 was released
2008-Oct-07: OpenX 2.4.9 was released

Contact informations
====================

The security contact for OpenX can be reached at:
<security AT openx DOT org>


-- 
Matteo Beccati

OpenX - http://www.openx.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ