82830 – www-apps/mambo: "GLOBALS['mosConfig_absolute_path']" File Inclusion

Bug 82830 - www-apps/mambo: "GLOBALS['mosConfig_absolute_path']" File Inclusion

Summary: www-apps/mambo: "GLOBALS['mosConfig_absolute_path']" File Inclusion

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/14337/
Whiteboard:	~1 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-02-21 08:03 UTC by Jean-François Brunette (RETIRED)
Modified:	2005-02-21 14:07 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-02-21 08:03:00 UTC

Description:
A vulnerability has been reported in Mambo, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "GLOBALS['mosConfig_absolute_path']" parameter in "Tar.php" is not properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev

2005-02-21 08:30:20 UTC

web-apps, pls verify/bump

Comment 2 Stuart Herbert (RETIRED) gentoo-dev

2005-02-21 12:41:34 UTC

We are not vulnerable, as we don't have Mambo 4.5.2 in the tree.  However, I'll get Mambo 4.5.2.1 into the tree as quickly as possible, as a precaution.

Best regards,
Stu

Comment 3 Stuart Herbert (RETIRED) gentoo-dev

2005-02-21 13:42:10 UTC

Mambo 4.5.2 now in Portage.

Comment 4 Luke Macken (RETIRED) gentoo-dev

2005-02-21 14:07:54 UTC

Thanks Stuart.

This package was never marked stable on any archs; closing without GLSA.