[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200710182101.37279.timb@nth-dimension.org.uk>
Date: Thu, 18 Oct 2007 21:01:35 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk, news@...uriteam.com
Subject: Serious holes affecting SiteBar 3.3.8
All,
As a result of a short security audit of SiteBar, a number of security holes
were found. The holes included code execution, a malicious redirect and
multiple cases of Javascript injection.
After liasing with the developers, the holes have been patched. Attached are
the advisory and patch relating to these flaws.
CVEs open already relating to this audit:
* CVE-2006-3320 (Javascript injection) - previously reported by other parties
but not resolved and so included for completeness
* CVE-2007-5492 (code execution) - first reported in my attached advisory to
the vendor, independently rediscovered by Robert Buchholz of Gentoo whilst
auditing the differences between the patched and unpatched versions (3.3.8 vs
3.3.9)
* CVE-2007-5491 (file permissions issue) - apparently patched by the vendor at
the same time as my issues were resolved and discovered by Robert Buchholz of
Gentoo whilst auditing the differences between the patched and unpatched
versions (3.3.8 vs 3.3.9)
It is intended that CVE-2007-5492 will be updated to reference both code
execution flaws I reported. All other issues in the advisory have been
patched but no CVEs have yet been requested or assigned to the best of my
knowledge.
Tim
--
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
View attachment "fixedvulnerability.patch" of type "text/x-diff" (36652 bytes)
Download attachment "NDSA20071016.txt.asc" of type "application/pgp-keys" (4740 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists