Joomla! Discussion Forums
Posted: Wed Jul 12, 2006 3:10 pm 
Joomla! Explorer
Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
Quote:
Author : Matdhule
Contact : matdhule@gmail.com
Application : Sitemap 2.0.0 for Mambo 4.5.1 CMS
Version : Sitemap 2.0.0
Download : http://mamboxchange.com/frs/download.ph ... emap20.zip


Have a nice day
Gustavo

_________________
Comunidad Joomla!: Member of the Spanish [es_ES] Joomla Translation Team | http://comunidadjoomla.org

NEW! Installation manual for Joomla! 1.5.x - Joomla! 1.5.X getting-started guide at http://joomlacode.org/gf/project/comunidadjoomla/frs/


Last edited by RobS on Sun Jul 23, 2006 8:06 pm, edited 1 time in total.

Posted: Wed Jul 12, 2006 3:55 pm 
Joomla! Explorer
Joined: Thu Aug 18, 2005 8:54 pm
Posts: 367
Apparently joommap 2.05 also has this construct (vulnerability yet unconfirmed)

No, everything seems clean in joommap 2.0.5.

I can however confirm the issue with sitemap 2.0.0


Last edited by Anonymous on Wed Jul 12, 2006 4:18 pm, edited 1 time in total.

Posted: Fri Jul 14, 2006 12:56 pm 
Joomla! Explorer
Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
And two days after, the official report on security-related sites..

Quote:
Advisory ID : FrSIRT/ADV-2006-2803
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-14

Technical Description

A vulnerability has been identified in SiteMap (component for Mambo), which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error in the "sitemap.xml.php" script that fails to validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.

Affected Products

SiteMap (component for Mambo) version 2.0 and prior


http://www.frsirt.com/english/advisories/2006/2803

Have a nice day
Gustavo

_________________
Comunidad Joomla!: Member of the Spanish [es_ES] Joomla Translation Team | http://comunidadjoomla.org

NEW! Installation manual for Joomla! 1.5.x - Joomla! 1.5.X getting-started guide at http://joomlacode.org/gf/project/comunidadjoomla/frs/
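
The include pattern the advisory describes, as an added example that is not the SiteMap component's own source: the vulnerable shape beside a hardened replacement. The file layout (components/com_sitemap/sitemap.xml.php under the Mambo root) and the fact that configuration.php sets $mosConfig_absolute_path are assumptions about the Mambo 4.5 convention.

```php
<?php
// Added example, not the SiteMap component's actual code.
// Assumed layout: <mambo root>/components/com_sitemap/sitemap.xml.php

// ---- Vulnerable pattern ----
// sitemap.xml.php is requested directly (it serves the XML sitemap), so nothing
// has loaded configuration.php before it runs. With register_globals=On, a
// request parameter named mosConfig_absolute_path becomes the PHP variable
// $mosConfig_absolute_path, so the include prefix comes straight from the
// request: remote file inclusion when allow_url_fopen is on, local file
// inclusion otherwise.
//
//   require_once($mosConfig_absolute_path . '/configuration.php');

// ---- Hardened pattern ----
// Derive the install root from this script's own location, never from a
// variable that request data can populate. Two directory levels up in the
// assumed layout.
$install_root = realpath(dirname(dirname(dirname(__FILE__))));
if ($install_root === false || !is_file($install_root . '/configuration.php')) {
    header('HTTP/1.0 500 Internal Server Error');
    die('Installation root could not be determined.');
}

// Discard anything register_globals may have injected under the trusted name,
// so later code reading $mosConfig_absolute_path only sees the configured value.
unset($mosConfig_absolute_path);
require_once($install_root . '/configuration.php'); // sets $mosConfig_absolute_path

// Fail closed if the configured path does not match where the files really are
// (catches a tampered or stale configuration.php as well).
if (!isset($mosConfig_absolute_path)
    || realpath($mosConfig_absolute_path) !== $install_root) {
    header('HTTP/1.0 500 Internal Server Error');
    die('Configured mosConfig_absolute_path does not match the install location.');
}
```

Turning register_globals off in php.ini removes the injection vector for every script at once; the path derivation above is what keeps a directly requested file safe even where that setting cannot be changed.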


Posted: Fri Jul 21, 2006 11:58 am 
Joomla! Champion
Joined: Fri Aug 12, 2005 12:47 am
Posts: 6431
The sitemap 2.0 component is not actively maintained and should not be used on any production websites! The component has been removed from mamboforge.

_________________
Johan Janssens - Joomla Co-Founder, Lead Developer of Joomla 1.5

http://www.nooku.org - multi-lingual content manager and rapid extension development framework for Joomla 1.5
http://www.joomlatools.eu - training, consulting and extension development


Last edited by Jinx on Fri Jul 21, 2006 12:00 pm, edited 1 time in total.
