SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   PostNuke Vendors:   postnuke.com
PostNuke Input Validation Holes in 'pnadmin', 'dl-util', 'dl-search' and Other Scripts Let Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1013324
SecurityTracker URL:  http://securitytracker.com/id/1013324
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 28 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.750, 0.760RC2
Description:   Andreas Krapohl from the PostNuke Development Team reported some input validation vulnerabilities in PostNuke. A remote user can inject SQL commands.

Several modules do not properly validate user-supplied input. A remote user can supply specially crafted values to execute SQL commands on the underlying database. Affected modeuls include:

/modules/Modules/pnadmin.php
/includes/blocks/past.php
/modules/Downloads/dl-util.php
/modules/Downloads/dl-search.php

The '/modules/Downloads/admin.php' does not properly validate output. The impact was not specified.

A remote user may be able to cause '/modules/News/index.php' to disclose the installation path.

Maksymilian Arciemowicz of securityreason.com is credited with discovering these vulnerabilities.

Impact:   A remote user can execute arbitrary SQL commands on the underlying database.

A remote user may be able to determine the installation path.

Solution:   The vendor has provided the following fixes [quoted]:

UPDATED PACKAGES
1. PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-411.html
SIZE: 2410936 Bytes
MD5 checksum: dcb276fa0aae4e22764eb22fd66ccd09
SHA1 checksum: bc8c5ccde62312956f72a144e67efbf65bf82349

2. PostNuke 0.750 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-410.html
SIZE: 3408707 Bytes
MD5 checksum: f49e17d4040892634c53b9fb5afe650c
SHA1 checksum: 82590102de8b0171993eaf94cc73006ad84ae752

3. Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-457.html
SIZE: 26990 Bytes
MD5 checksum: 2e654367bda64f8e9944273991997068
SHA1 checksum: fde99e26357003a8fd36aa7fde0da2859dc2c0b5

4. Security Fix (changed files only) for PostNuke 0.750 (.zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-458.html
SIZE: 32088 Bytes
MD5 checksum: e8b118732f19aa55d80550f6fe4d0caa
SHA1 checksum: f018e4f1d5339dce4b6a8419ac98a555c89945a2

NEW RELEASES
1. PostNuke 0.760RC3 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-459.html
SIZE: 2933473 Bytes
MD5 checksum: b0bbd2649a027cf20f603ff26d17c392
SHA1 checksum: 5efd53cabd9f069320d2b157be9dc463fbc9d1cf

2. PostNuke 0.760RC3 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-460.html
SIZE: 4265380 Bytes
MD5 checksum: c2cce796bbf803c7018fa2f4b2891c9f
SHA1 checksum: cb5dc8953a562bcf07bca392dcbe18009942e32c

Vendor URL:  www.postnuke.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Postnuke-security] PostNuke Security Advisory PNSA 2005-1


From: Andreas Krapohl - larsneo <larsneo@postnuke.com>
Date: Mon, 28 Feb 2005 20:09:19 +0100
Subject: [Postnuke-security] PostNuke Security Advisory PNSA 2005-1
To: postnuke-security@lists.postnuke.com


PostNuke Security Advisory PNSA 2005-1
Andreas Krapohl <larsneo>, PostNuke Development Team
February 28th, 2005

Vulnerability : SQL injection, various missing input/output validations: 0.750+

DESCRIPTION
PostNuke is an open source, open development content management system
(CMS). PostNuke started as a fork from PHPNuke and provides many
enhancements and improvements over the PHP-Nuke system.
PostNuke is still undergoing development but a large number of core
functions are now stabilising and a complete API for third-party
developers (including ADODB database abstracion and SMARTY templating)
is in place.
The PostNuke Development Team was notified about a couple of security
issues within the current .760RC2 and has decided to backport the
fixes also to the stable .750 package.

VULNERABILTIES
- missing input validation within /modules/Modules/pnadmin.php
- missing input validation within /includes/blocks/past.php
- missing output validation within /modules/Downloads/admin.php
- missing input validation within /modules/Downloads/dl-util.php
- missing input validation within /modules/Downloads/dl-search.php
- possible path disclosure within /modules/News/index.php

SOLUTION
It is recommended that all admins do an immediate upgrade of their
sites to v0.750 then apply the latest security fix package available
from the locations listed below.
Please note the main package has been updated to include this advisory
so there is no need to apply this patch if you have downloaded
PostNuke after the date of this announcement.

UPDATED PACKAGES
1. PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-411.html
SIZE: 2410936 Bytes
MD5 checksum: dcb276fa0aae4e22764eb22fd66ccd09
SHA1 checksum: bc8c5ccde62312956f72a144e67efbf65bf82349

2. PostNuke 0.750 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-410.html
SIZE: 3408707 Bytes
MD5 checksum: f49e17d4040892634c53b9fb5afe650c
SHA1 checksum: 82590102de8b0171993eaf94cc73006ad84ae752

3. Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-457.html
SIZE: 26990 Bytes
MD5 checksum: 2e654367bda64f8e9944273991997068
SHA1 checksum: fde99e26357003a8fd36aa7fde0da2859dc2c0b5

4. Security Fix (changed files only) for PostNuke 0.750 (.zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-458.html
SIZE: 32088 Bytes
MD5 checksum: e8b118732f19aa55d80550f6fe4d0caa
SHA1 checksum: f018e4f1d5339dce4b6a8419ac98a555c89945a2

NEW RELEASES
1. PostNuke 0.760RC3 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-459.html
SIZE: 2933473 Bytes
MD5 checksum: b0bbd2649a027cf20f603ff26d17c392
SHA1 checksum: 5efd53cabd9f069320d2b157be9dc463fbc9d1cf

2. PostNuke 0.760RC3 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-460.html
SIZE: 4265380 Bytes
MD5 checksum: c2cce796bbf803c7018fa2f4b2891c9f
SHA1 checksum: cb5dc8953a562bcf07bca392dcbe18009942e32c

ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke
directory that replaces the current files because by doing this you
are applying the security fix to the system fix and this is what is
meant by "patching" your system.
If you would like to receive security updates in the future, please
subscribe to the <a
href="http://lists.postnuke.com/mailman/listinfo/postnuke-security">PostNuke
security list</a>.
SPECIAL NOTE FOR .760RC3
PostNuke .760RC3 is not recommended for production sites. If
performing an upgrade to .760 please review manual.txt carefully. Many
of the core system modules are upgraded in this release so the process
needs to be followed exactly.

CREDITS
The exploits have been originally found by Maksymilian Arciemowicz
from http://www.securityreason.com/ and were reported via security
contact.

_______________________________________________
Postnuke-security mailing list
Postnuke-security@lists.postnuke.com
http://lists.postnuke.com/mailman/listinfo/postnuke-security
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC