lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C994BE870DA94074BDAE555B8380366A@minhbqPC>
Date: Wed, 3 Dec 2008 20:02:19 +0700
From: "SVRT-Bkis" <svrt@...v.com.vn>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>
Subject: [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM

MULTI SECURITY VULNERABILITIES IN MVNFORUM

1. General Information
mvnForum is software used for creating forums on the Internet 
(http://www.mvnforum.com). This is an open source software making use of 
Java J2EE (ISP/Servlet) technology.

On September 6 2008, SVRT-Bkis found several CSRF and XSS vulnerabilities in 
some functions of mvnForum 1.2 GA. These are highly serious vulnerabilities 
allowing hackers to perform privilege escalation attack on the Forum.

We have contacted the development team and they have patched all those 
vulnerabilities in the latest version of mvnForum 1.2.1 GA.

Details : http://security.bkis.vn/?p=286
SVRT Advisory : SVRT-06-08
Initial vendor notification : 30-10-2008
Release Date : 03-12-2008
Update Date : 03-12-2008
Discovered by : SVRT-Bkis
Attack Type : CSRF, XSS
Security Rating : Critical
Impact : Privilege escalation
Affected Software : mvnForum (version <= 1.2 GA)


2. Technical Description
We have detected five vulnerabilities in different functions of mvnForum, 
four of which are CSRF (Cross-site request forgery) flaw and the other is an 
XSS (Cross-site scripting) flaw.

More precisely, four CSRF vulnerabilities make way for hackers to escalate 
their privilege on such forum by tricking the administrator to perform some 
task without asking him/her for confirmation. Tasks relating to these four 
vulnerabilities are:
- Creating a new forum where the hacker is the administrator.
- Raise the privilege of an arbitrary account.
- Give an arbitrary account the sub-forum administrator privilege.
- Enable or disable an arbitrary account.

The XSS vulnerability is in the "Who's online" function of the forum. If 
hackers successfully exploit this flaw, malicious code (JavaScript) will be 
executed whenever the administrator view information with this function.

3. Solution
Rating these highly critical vulnerabilities, Bkis Center recommends that 
all units, organizations and individuals using mvnForum should immediately 
update their forums with the latest version of the application here:
http://sourceforge.net/project/showfiles.php?group_id=65527&package_id=63007

4. Credit
Thanks Dau Huy Ngoc for working with SVRT-Bkis

----------------------------------------------------------------
SVRT, which is short for Security Vulnerability Research Team, is one of
Bkis researching groups. SVRT specializes in the detection, alert and
announcement of security vulnerabilities in software, operating systems,
network protocols and embedded systems.

Bach Khoa Internetwork Security Center (BKIS)
Hanoi University of Technology (Vietnam)

Email : svrt@...v.com.vn
Website : www.bkav.com.vn
WebBlog : http://security.bkis.vn
Our PGP : http://security.bkis.vn/policy/pgp/SVRT-Bkis.gpg
---------------------------------------------------------------- 

.
SVRT-Bkis 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ