The Joomla! Forum ™



This topic is locked. [ 8 posts ]
Posted: Mon May 16, 2011 1:42 pm
Joomla! Ace

Joined: Tue Sep 06, 2005 11:18 am
Posts: 1365
Location: Germany
Bugtraq ID: 47857
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: May 16 2011 12:00AM
Updated: May 16 2011 12:00AM
Credit: KedAns-Dz
Vulnerable: Joomla com_docman 0

_________________
http://www.schrammen.net


Posted: Mon May 16, 2011 3:57 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
Is that a DOCman bug ID?

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Mon May 16, 2011 4:02 pm
Joomla! Exemplar

Joined: Fri Aug 12, 2005 7:19 am
Posts: 9206
Location: Leeds, UK
No, it's a securityfocus.com Bugtraq ID to a report of an alleged vuln with no version number. As DOCman is not yet available for 1.6, it's in the wrong forum.

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Posted: Mon May 16, 2011 4:05 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
Item unpublished from JED, dev contacted, listed on VEL.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Mon May 16, 2011 4:09 pm
Joomla! Exemplar

Joined: Fri Aug 12, 2005 7:19 am
Posts: 9206
Location: Leeds, UK
Is that the correct thing to do? It's a report in an unnamed version.

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Posted: Mon May 16, 2011 4:32 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
That is the standard procedure as decided by both JED and VEL teams.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Mon May 16, 2011 5:17 pm
Joomla! Champion

Joined: Fri Aug 12, 2005 12:47 am
Posts: 6568
The reported security issue on SecurityFocus relates to a security exploit in an older version of DOCman (1.3). It's an issue that was fixed for DOCman 1.4 and 1.5.

Exploit

The actual exploit was published on PacketStorm security. This is the link to the post: http://packetstormsecurity.org/files/10 ... ction.html

The demo URL for the exploit goes to: http://www.voicilepoux.org. This site is running Mambo and not Joomla. See: http://www.voicilepoux.org/administrator/

The version of DOCman installed on this site is 1.3.0 and dates back to September 2005. See: http://www.voicilepoux.org/administrato ... ngelog.txt

Solution

Users who are still using DOCman 1.3 should immediately upgrade to the latest 1.4.2 or 1.5.10 version.

Based on this information can I please ask to re-publish our DOCman listing as soon as possible and remove the information about the exploit from the wiki.

_________________
Johan Janssens - Joomla Co-Founder, Lead Developer of Joomla 1.5

http://www.joomlatools.eu - Joomla extensions that just work
http://www.nooku.org - Extension development framework for Joomla


Posted: Mon May 16, 2011 5:22 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
Thanks for the quick response, email sent, topic closed.
Thanks to Fw116 for the report

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

