SecurityTracker.com
Category: Application (Web Server/CGI) > Geeklog
Vendors: Geeklog
Geeklog Web-based Community Portal Software May Let a Remote User Obtain Administrative Privileges on the Application
SecurityTracker Alert ID: 1003117
SecurityTracker URL: http://securitytracker.com/id/1003117
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jan 5 2002
Impact: User access via network

Version(s): 1.3
Description:   A vulnerability has been reported in the Geeklog web-based community portal software. A remote user could obtain administrative access to the application in a certain situation.

It is reported that the first new user created after the initial installation of Geeklog is, by default, assigned to the GroupAdmin group. As a result, a remote user who is the first to register an account obtains administrative privileges on the server.

It is reported that in a fresh installation the seeded data includes one orphaned "group_assignments" record with a user ID of 13, while the Geeklog user table contains only 12 users. The first user to create an account therefore receives that user ID and inherits membership in the GroupAdmin group and, through it, the UserAdmin group.

Impact:   A remote user could obtain administrative control of the application in a certain situation.
Solution:   The vendor has issued a method for fixing this flaw. The flaw only applies to fresh installations of Geeklog.

"If you have already installed a fresh version of Geeklog 1.3 then you need to edit the user with a uid of 13. To get that, do a "SELECT username FROM users WHERE uid = 13" in your favorite MySQL editor. Then in the admin/users.php page edit that user and uncheck both the GroupAdmin Group AND the UserAdmin Group and be sure to leave the Normal User and Logged-in User boxes checked."
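The following added example (not Geeklog's code; table and column names are assumptions modelled on the advisory, and the data is constructed) reproduces the state error described above in an in-memory SQLite database: a fresh install with 12 users and one orphaned group_assignments row for uid 13, an audit query that detects such orphaned memberships before registration is opened, and the effect of removing them before the first visitor registers.

```python
import sqlite3

# Constructed schema; the real Geeklog 1.3 table and column names may differ.
SCHEMA = """
CREATE TABLE users (uid INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL);
CREATE TABLE groups (grp_id INTEGER PRIMARY KEY, grp_name TEXT NOT NULL);
CREATE TABLE group_assignments (uid INTEGER NOT NULL, grp_id INTEGER NOT NULL);
"""

def fresh_install(conn):
    """Seed the database the way the advisory describes a fresh install:
    12 built-in users and one group assignment for a uid that does not exist."""
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users (uid, username) VALUES (?, ?)",
                     [(i, f"builtin{i}") for i in range(1, 13)])
    conn.executemany("INSERT INTO groups VALUES (?, ?)",
                     [(1, "GroupAdmin"), (2, "UserAdmin"), (3, "Logged-in Users")])
    conn.execute("INSERT INTO group_assignments VALUES (13, 1)")  # orphaned row

def orphaned_assignments(conn):
    """Audit check: group memberships whose uid has no matching users row.
    Any hit here is a privilege waiting to be inherited by a future account."""
    return conn.execute("""
        SELECT ga.uid, g.grp_name FROM group_assignments ga
        JOIN groups g ON g.grp_id = ga.grp_id
        LEFT JOIN users u ON u.uid = ga.uid
        WHERE u.uid IS NULL""").fetchall()

def remove_orphans(conn):
    """Remediation: drop assignments that point at nonexistent users."""
    return conn.execute(
        "DELETE FROM group_assignments WHERE uid NOT IN (SELECT uid FROM users)").rowcount

def register_user(conn, username):
    """Simulate public registration; AUTOINCREMENT hands out the next uid (13)."""
    return conn.execute("INSERT INTO users (username) VALUES (?)", (username,)).lastrowid

def groups_of(conn, uid):
    return [row[0] for row in conn.execute("""
        SELECT g.grp_name FROM group_assignments ga
        JOIN groups g ON g.grp_id = ga.grp_id WHERE ga.uid = ?""", (uid,))]

def demo(cleanup_first):
    """Return (orphans found, uid of first registrant, groups that registrant holds)."""
    conn = sqlite3.connect(":memory:")
    fresh_install(conn)
    orphans = orphaned_assignments(conn)
    if cleanup_first:
        remove_orphans(conn)
    uid = register_user(conn, "firstvisitor")
    return orphans, uid, groups_of(conn, uid)
```

Without the cleanup the first registrant lands on uid 13 and holds GroupAdmin; with the orphaned row removed first, the same registrant holds no group at all.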

Vendor URL: geeklog.sourceforge.net/index.php?topic=GeekLog
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Fix) Re: Geeklog Web-based Community Portal Software May Let a Remote User Obtain Administrative Privileges on the Application
The vendor has released a fixed version.



 Source Message Contents

Subject:  Vulnerability in new user creation in Geeklog 1.3


I have discovered a serious security flaw with new user creation in the
latest version of Geeklog--Version 1.3 on December 30th, 2001.

Product Information: Geeklog is a popular weblog. It allows you to
create your own virtual community area, complete with user
administration, story posting, messaging, and other nice features.

Vulnerability: When the first new user is created during a fresh
installation of Geeklog, that regular user is assigned to the GroupAdmin
Group, and subsequently, is a member of the UserAdmin Group. This is a
major issue, because if the website is rolled out to the public, in
theory, the first new user registered would have Admin rights, which
would allow the new user to have control over Geeklog, and subsequently,
the entire website.

I have submitted a bug report to the author, in order to give him ample
time in fixing this issue. It has been fixed, and posted today at the
geeklog website at http://www.geeklog.org

Fix: Per Geeklog's website: If you already have installed a fresh
version of Geeklog 1.3 then you need to edit the user with a uid of 13.
To get that, do a "SELECT username FROM users WHERE uid = 13" in your
favorite MySQL editor. Then in the admin/users.php page edit that user
and uncheck both the GroupAdmin Group AND the UserAdmin Group and be
sure to leave the Normal User and Logged-in User boxes checked.


--
Regards,

Woody Hughes
Sr. Information Security Analyst
Security Product Services
Corporate Information Protection
Wells Fargo
-------------------------------
woody@thewoodman.org

Copyright 2019, SecurityGlobal.net LLC