205346 – (CVE-2008-0261) www-apps/mambo 4.x Search Denial of Service (CVE-2008-0261)

Bug 205346 (CVE-2008-0261) - www-apps/mambo 4.x Search Denial of Service (CVE-2008-0261)

Summary: www-apps/mambo 4.x Search Denial of Service (CVE-2008-0261)

Status:	RESOLVED FIXED

Alias:	CVE-2008-0261

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/28392/
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-01-11 17:52 UTC by Lars Hartmann
Modified:	2008-01-28 13:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lars Hartmann 2008-01-11 17:52:19 UTC

A vulnerability has been reported in Mambo, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the search component and module, which can be exploited to use lots of system resources. No further information is currently available.

The vulnerability is reported in all 4.5.x and 4.6.x versions.

Solution:
Mambo 4.6.x:

Comment 1 Lars Hartmann 2008-01-11 17:53:55 UTC

aeh solutio: apply this patch: http://mambo-code.org/gf/download/frsrelease/298/538/20080110-Mambo46x-SearchPatch.zip

Comment 2 Renat Lumpau (RETIRED) gentoo-dev

2008-01-27 20:42:03 UTC

-r1 in CVS

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-01-28 13:06:32 UTC

thanks, closing.