lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <4982C7F8.8050005@beccati.com>
Date: Fri, 30 Jan 2009 10:27:20 +0100
From: Matteo Beccati <php@...cati.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Cc: Elites0ft Admin <admin@...tes0ft.com>, vuln@...unia.com
Subject: [OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities

========================================================================
OpenX security advisory OPENX-SA-2009-001
------------------------------------------------------------------------
Advisory ID: OPENX-SA-2009-001
Date: 2009-Jan-30
Security risk: Moderately critical
Applications affected: OpenX
Versions affected: <= 2.4.9, <= 2.6.3
Versions not affected: >= 2.4.10, >= 2.6.4
========================================================================

========================================================================
Multiple vulnerabilities: XSS, SQL injection, directory traversal
========================================================================

Description
-----------

A security review of OpenX 2.6.3 was recently conducted by Sarid Harper on behalf of Secunia and reported to us. One of the vulnerabilities was also independently discovered by Charlie Briggs and disclosed on milw0rm.com, forcing Secunia to publish the research results before our fix releases were ready.

The review contains a list of 22 items covering multiple vulnerabilities ranging from XSS to SQL injection to directory traversal. Some are only exploitable by authenticated users; others can be conducted by unauthenticated users.

All of the items were fixed in OpenX 2.6 and backported to 2.4 where applicable. New versions of both OpenX 2.6 and 2.4 have been released.
Solution
--------

- Upgrade to OpenX 2.4.10 or 2.6.4

References
----------

- http://secunia.com/advisories/32197/
- http://www.milw0rm.com/exploits/7883
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0291

Timeline
--------

2009-Jan-20: Secunia reported the security review results to OpenX
2009-Jan-20: OpenX started investigation and scheduled the fixes according to the company release plans
2009-Jan-26: the fc.php MAX_type vulnerability was independently discovered and disclosed
2009-Jan-27: an OpenX user reported the link to our forums
2009-Jan-27: Secunia was forced to disclose the entire review
2009-Jan-29: OpenX 2.4.10 and 2.6.4 were released by OpenX

Contact information
===================

The security contact for OpenX can be reached at: <security AT openx DOT org>

Best regards
--
Matteo Beccati
OpenX - http://www.openx.org