SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Geeklog Vendors:   Geeklog
Geeklog Community Portal Software Allows Remote Users to Access Other User Accounts
SecurityTracker Alert ID:  1003185
SecurityTracker URL:  http://securitytracker.com/id/1003185
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 10 2002
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.3
Description:   An authentication vulnerability was reported in Geeklog. In the default configuration, a remote user with an account on the application can log in as any other user.

When permanent cookies are enabled (the default in a stock install), Geeklog stores the authenticated user's numeric UID in a cookie after a successful login. On later visits the server reads the UID back from that cookie and starts an authenticated session for it; nothing in the cookie binds it to the original login, so the value is entirely under the client's control. A remote user can change the UID in the cookie to any other registered user's UID and be logged in as that user, including the administrator.

Impact:   A remote user with an account on the system can log in as any other user.
Solution:   The vendor recommends that users of Geeklog 1.3 download the latest copies of system/lib-sessions.php and public_html/users.php from CVS.

For system/lib-sessions.php:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/geeklog/geeklog-1.3/system/lib-sessions.php?rev=1.5&content-type=text/vnd.viewcvs-markup

For public_html/users.php:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/geeklog/geeklog-1.3/public_html/users.php?rev=1.16&content-type=text/vnd.viewcvs-markup

Vendor URL:  geeklog.sourceforge.net/index.php?topic=GeekLog
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Fix) Re: Geeklog Community Portal Software Allows Remote Users to Access Other User Accounts
The vendor has issued a fixed version.



 Source Message Contents

Subject:  Cookie modification allows unauthenticated user login in Geeklog 1.3



A major security vulnerability exists in Geeklog 1.3, released on
December 30th, 2001.

When permanent cookies are enabled, as they are in a stock install,
Geeklog stores a user's UID in a cookie upon successful login.

This cookie is subsequently used during future visits to the site to
automatically initiate an authenticated session as the UID in the
cookie.

Modification of the UID in the cookie allows any user to assume the
identity of any other registered user, including the administrative
user.

A bug report was submitted to the author on January 9th, and fixes
were made available shortly after, with instructions on where to
obtain them posted at the Geeklog website (http://www.geeklog.org).

Geeklog is a 'blog', otherwise known as a Weblog. It allows you to
create your own virtual community area, complete with user
administration, story posting, messaging, comments, polls, calendar,
weblinks, and more! It can run on many different operating systems,
and uses PHP4 and MySQL.

--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.enfusion-group.com] up 161 days, 4:03, 5 users


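The cookie mechanism described in the advisory and in the report above, modelled as an added example (this is not Geeklog's code and not the reporter's; it is written in Python rather than Geeklog's PHP to keep the model short). The vulnerable half stores the bare UID in the cookie and trusts it, exactly the pattern reported; the two hardened halves show the standard fixes: an opaque random token mapped to the UID on the server, or a UID bound to an HMAC so that editing it is detected. The cookie names, the sample user table, the secret key and every function name are assumptions made for this example.

```python
"""Constructed model of the cookie-based 'remember me' flaw in the advisory.

The vulnerable half stores a bare numeric UID in the cookie and trusts it; the
hardened half issues a random session token kept server side, and a second
hardened variant signs the UID with an HMAC so tampering is detected.
Cookie names, the user table and the secret key are all assumptions made for
this example; none of this is Geeklog's code.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

Cookies = Dict[str, str]

# Constructed sample user table: uid -> username. UID 1 is the administrator.
USERS = {1: "Admin", 2: "alice", 3: "bob"}


# ---- Vulnerable design: the cookie *is* the identity -----------------------
def vulnerable_issue_cookie(uid: int) -> Cookies:
    """After a successful login, store the UID itself in the permanent cookie."""
    return {"geeklog_uid": str(uid)}


def vulnerable_authenticate(cookies: Cookies) -> Optional[str]:
    """Trust whatever UID the client presents. This is the reported bug."""
    raw = cookies.get("geeklog_uid", "")
    if not raw.isdigit():
        return None
    return USERS.get(int(raw))


def forge_cookie(target_uid: int) -> Cookies:
    """What the attacker does: edit the cookie value to the victim's UID."""
    return {"geeklog_uid": str(target_uid)}


# ---- Hardened design 1: opaque random token, identity kept server side ------
class SessionStore:
    """Maps unguessable tokens to UIDs; the cookie carries no identity at all."""

    def __init__(self) -> None:
        self._sessions: Dict[str, int] = {}

    def issue_cookie(self, uid: int) -> Cookies:
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self._sessions[token] = uid
        return {"geeklog_session": token}

    def authenticate(self, cookies: Cookies) -> Optional[str]:
        uid = self._sessions.get(cookies.get("geeklog_session", ""))
        return USERS.get(uid) if uid is not None else None

    def revoke(self, cookies: Cookies) -> None:
        """Logout or password change can invalidate a token; a bare UID cannot be revoked."""
        self._sessions.pop(cookies.get("geeklog_session", ""), None)


# ---- Hardened design 2: stateless cookie, UID bound by an HMAC --------------
def signed_issue_cookie(uid: int, key: bytes) -> Cookies:
    """Cookie = '<uid>.<hmac-sha256(key, uid)>'; the server keeps only the key."""
    mac = hmac.new(key, str(uid).encode(), hashlib.sha256).hexdigest()
    return {"geeklog_uid": f"{uid}.{mac}"}


def signed_authenticate(cookies: Cookies, key: bytes) -> Optional[str]:
    """Recompute the MAC and compare in constant time; reject any mismatch."""
    raw = cookies.get("geeklog_uid", "")
    uid_part, sep, mac_part = raw.partition(".")
    if not sep or not uid_part.isdigit():
        return None
    expected = hmac.new(key, uid_part.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac_part):
        return None
    return USERS.get(int(uid_part))


if __name__ == "__main__":
    # bob (uid 3) logs in, then rewrites his cookie to the administrator's UID 1.
    print("vulnerable, forged cookie:", vulnerable_authenticate(forge_cookie(1)))
    store = SessionStore()
    print("token store, forged cookie:", store.authenticate(forge_cookie(1)))
    key = secrets.token_bytes(32)
    print("signed cookie, forged:", signed_authenticate(forge_cookie(1), key))
```

The server-side token store is the closer match to what a session library does, and it is the only variant that lets a logout or password change invalidate an outstanding cookie; the HMAC variant removes the server-side state but still trusts any cookie the key ever produced until it expires, so it should carry an expiry field under the MAC in real use.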

Copyright 2019, SecurityGlobal.net LLC