oss-sec mailing list archives

Re: CVE request: joomla <= 1.5.15 code upload, information leak, session fixation, unauthorized access (was Fwd: Joomla! Security News)


From: Josh Bressers <bressers () redhat com>
Date: Mon, 26 Apr 2010 15:56:17 -0400 (EDT)

Here you go:

CVE-2010-1432 Joomla! Information Disclosure
CVE-2010-1433 Joomla! Code upload
CVE-2010-1434 Joomla! Session fixation
CVE-2010-1435 Joomla! Unauthorised Access

Thanks.

-- 
    JB


----- "Hanno Böck" <hanno () hboeck de> wrote:

----------  forwarded message  ----------

Subject: Joomla! Security News
Date: Saturday 24 April 2010
From: "Joomla! Developer - Vulnerability News" <no_reply () joomla org>


Joomla! Developer - Vulnerability News

///////////////////////////////////////////
[20100423] - Core - Negative Values for Limit and Offset

Posted: 23 Apr 2010 10:31 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/K3rjMh4AvSE/311-20100423-core-negative-values-for-limit-and-offset.html?utm_source=feedburner&utm_medium=email


  Project: Joomla!
  SubProject: All
  Severity: Moderate
  Versions: 1.5.15 and all previous 1.5 releases
  Exploit type: Information Disclosure
  Reported Date: 2010-Feb-21
  Fixed Date: 2010-Apr-23

Description

If a user entered a URL with a negative query limit or offset, a PHP notice
would display revealing information about the system.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Security List

Contact

The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20100423] - Core - Installer Migration Script

Posted: 23 Apr 2010 10:27 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QLis4AG_-cs/310-20100423-core-installer-migration-script.html?utm_source=feedburner&utm_medium=email


  Project: Joomla!
  SubProject: All
  Severity: Low
  Versions: 1.5.15 and all previous 1.5 releases
  Exploit type: Code upload
  Reported Date: 2009-Dec-30
  Fixed Date: 2010-Apr-23

Description

The migration script in the Joomla! installer does not check the file type
being uploaded. If the installation application is present, an attacker
could use it to upload malicious files to a server.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Nicola Bettini

Contact

The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20100423] - Core - Session Fixation

Posted: 23 Apr 2010 10:22 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/KWB_pRZpcP4/309-20100423-core-sessation-fixation.html?utm_source=feedburner&utm_medium=email


  Project: Joomla!
  SubProject: All
  Severity: Moderate
  Versions: 1.5.15 and all previous 1.5 releases
  Exploit type: Session fixation
  Reported Date: 2010-Mar-25
  Fixed Date: 2010-Apr-23

Description

Session id doesn't get modified when user logs in.  A remote site may be
able to forward a visitor to the Joomla! site and set a specific cookie.
If the user then logs in, the remote site can use that cookie to
authenticate as that user.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Raúl Siles and Steven Pignataro

Contact

The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20100423] - Core - Password Reset Tokens

Posted: 22 Apr 2010 05:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/UdLK-p0f7tQ/308-20100423-core-password-reset-tokens.html?utm_source=feedburner&utm_medium=email


  Project: Joomla!
  SubProject: All
  Severity: Low
  Versions: 1.5.15 and all previous 1.5 releases
  Exploit type: Unauthorised Access
  Reported Date: 2010-Jan-07
  Fixed Date: 2010-Apr-23

Description

When a user requests a password reset, the reset tokens were stored in
plain text in the database. While this is not a vulnerability in itself, it
allows user accounts to be compromised if there is an extension on the site
with an SQL injection vulnerability.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Madis Abel

Contact

The JSST at the Joomla! Security Center.



-- 
Hanno Böck            Blog:           http://www.hboeck.de/
GPG: 3DBD3B20         Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting
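
Added example, not part of the original messages and not Joomla!'s code: one way to avoid the condition described in the Password Reset Tokens item, by keeping only a SHA-256 digest of each reset token in storage so that a read of the table does not yield a usable token. The class name, the in-memory table and the one-hour lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime for this example


class ResetTokenStore:
    """In-memory stand-in for the users table (hypothetical schema)."""

    def __init__(self):
        self.rows = {}  # username -> (sha256 hex of token, expiry timestamp)

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # A fast hash is adequate here because the token is random and
        # high-entropy, unlike a user-chosen password.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.rows[username] = (digest, now + TOKEN_TTL)
        return token  # sent to the user by e-mail; never written to storage

    def redeem(self, username, presented, now=None):
        now = time.time() if now is None else now
        row = self.rows.get(username)
        if row is None:
            return False
        digest, expires = row
        candidate = hashlib.sha256(presented.encode()).hexdigest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        del self.rows[username]  # single use; an expired row is purged too
        return now <= expires

    def dump(self):
        """What a read of the table (e.g. via SQL injection) would return."""
        return {user: digest for user, (digest, _) in self.rows.items()}


def demo():
    store = ResetTokenStore()
    token = store.issue("alice", now=1000.0)  # constructed sample account
    leaked = store.dump()["alice"]
    return {
        "leaked_is_token": leaked == token,
        "leaked_redeems": store.redeem("alice", leaked, now=1001.0),
        "real_redeems": store.redeem("alice", token, now=1002.0),
        "replay_redeems": store.redeem("alice", token, now=1003.0),
    }
```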

