Secunia: peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the "register_globals" emulation layer in "globals.php" where certain arrays used by the system can be overwritten. This can be exploited to include arbitrary files from external and local resources via the "mosConfig_absolute_path" parameter. Reproducible: Always
Created attachment 73163: Patch to fix globals overwrite vulnerability in globals.php. As of now no upstream patch or patched version is available. Here is a patch that should fix the vulnerability by preventing already defined elements in $GLOBALS from being overwritten.
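The kind of guard the comment above describes, shown as an added example: it is not Mambo's globals.php and not the attached patch, and the function names and sample values are constructed for illustration.

```php
<?php
// Added illustration; not Mambo's globals.php and not the attached patch.
// Both functions take the request data and the target scope as arrays so the
// behaviour can be compared without touching the real $GLOBALS.

// Naive register_globals emulation: every request key becomes a variable,
// so a request parameter can replace a value the application already set.
function emulate_naive(array $request, array $scope): array
{
    foreach ($request as $key => $value) {
        $scope[$key] = $value;
    }
    return $scope;
}

// Guarded emulation: skip keys that are already defined in the scope and
// names of PHP superglobals, and collect what was refused for logging.
function emulate_guarded(array $request, array $scope, array &$rejected = []): array
{
    $reserved = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES',
                 '_SERVER', '_ENV', '_REQUEST', '_SESSION'];
    foreach ($request as $key => $value) {
        $key = (string) $key;
        if (in_array($key, $reserved, true) || array_key_exists($key, $scope)) {
            $rejected[] = $key;
            continue;
        }
        $scope[$key] = $value;
    }
    return $scope;
}

// Constructed sample data: a path set by the application's configuration
// and a request that tries to redefine it.
$scope   = ['mosConfig_absolute_path' => '/var/www/mambo'];
$request = ['mosConfig_absolute_path' => 'REQUEST-SUPPLIED-VALUE',
            'option' => 'com_content'];

$naive    = emulate_naive($request, $scope);
$rejected = [];
$guarded  = emulate_guarded($request, $scope, $rejected);

echo "naive:   ", $naive['mosConfig_absolute_path'], "\n";
echo "guarded: ", $guarded['mosConfig_absolute_path'], "\n";
echo "refused: ", implode(', ', $rejected), "\n";
```

The list of refused keys is worth logging: a request that tries to redefine a configuration variable is a useful detection signal on its own.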
I've notified upstream about the vulnerability and sent them the patch.
Created attachment 73169: Ebuild for =www-apps/mambo-4.5.2.3-r1. Sending ebuild that applies mambo-4.5.2.3-globals_overwrite.patch.
One more for web-apps, an urgent one here :)
I'm looking at this problem today. I'll update this ticket again once I have a fix in Portage for you. Best regards, Stu
Hi, Mambo-4.5.2.3-r1 is now in the tree. Many thanks to Vic for the patch. Best regards, Stu
Thx Stuart. Mambo is not stable on any arches -> Closing with NO GLSA.