[ABANDONED] Mambo MGM Vulnerability --> Joomla fork with fixes available
Moderator: General Support Moderators
Forum rules
-
- Joomla! Explorer
- Posts: 469
- Joined: Thu Aug 18, 2005 10:40 pm
- Location: las vegas USA
- Contact:
[ABANDONED] Mambo MGM Vulnerability --> Joomla fork with fixes available
TITLE:
Mambo MGM Component File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA21268
VERIFY ADVISORY:
http://secunia.com/advisories/21268/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
MGM 0.x (component for Mambo)
http://secunia.com/product/11201/
DESCRIPTION:
A-S-T TEAM has discovered a vulnerability in the MGM component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.
Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_mgm/help.mgm.php is not properly
verified before being used to include files. This can be exploited to
execute arbitrary PHP code by including files from local or external
resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 0.95r2 and reported
in version 0.95r3. Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
PROVIDED AND/OR DISCOVERED BY:
A-S-T TEAM
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2084
Mambo MGM Component File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA21268
VERIFY ADVISORY:
http://secunia.com/advisories/21268/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
MGM 0.x (component for Mambo)
http://secunia.com/product/11201/
DESCRIPTION:
A-S-T TEAM has discovered a vulnerability in the MGM component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.
Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_mgm/help.mgm.php is not properly
verified before being used to include files. This can be exploited to
execute arbitrary PHP code by including files from local or external
resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 0.95r2 and reported
in version 0.95r3. Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
PROVIDED AND/OR DISCOVERED BY:
A-S-T TEAM
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2084
Last edited by Tonie on Wed Sep 20, 2006 2:13 pm, edited 1 time in total.
joomla 1.6 Türk destek sitesi http://www.joomlaturk.net/
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Mambo Gallery Manager
com_mgm is Mambo Gallery Manager. It appears to have been abandoned over a year ago so if anyone is using it I recommend you delete it completely and find something else that is under active development.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Thanks for the information, adding to the official list.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Apprentice
- Posts: 6
- Joined: Wed Aug 02, 2006 10:01 pm
Re: Mambo Gallery Manager
I'm not sure this is accurate. There's a version 0.96 out there renamed Joomla Gallery Manager. I can't speak to the security status though - anyone know for sure?Elpie wrote: com_mgm is Mambo Gallery Manager. It appears to have been abandoned over a year ago so if anyone is using it I recommend you delete it completely and find something else that is under active development.
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: Mambo Gallery Manager
The one that has had exploits so far has been Mambo Gallery Manager, specifically in version 0.95r2.aserdaten wrote: I'm not sure this is accurate. There's a version 0.96 out there renamed Joomla Gallery Manager. I can't speak to the security status though - anyone know for sure?
Mambo Gallery Manager is an abandoned project.
If you really do doubt the accuracy of my report all you have to do is go to security sites yourself to confirm it. mamboturk has given you links to two of them
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
-
- Joomla! Apprentice
- Posts: 6
- Joined: Wed Aug 02, 2006 10:01 pm
Re: Mambo Gallery Manager
In the interests of being polite perhaps I was insufficiently direct. The inaccuracy, or at least incomplete accuracy, of your report is not in question. There is a release numbered 0.96 RC1, called "Joomla Gallery Manager", and that release came out less than a year ago, in October. A user named Macinhouse picked up development where Marco Antonio Regueira left off. There is still an active message board thread about it here.Elpie wrote:The one that has had exploits so far has been Mambo Gallery Manager, specifically in version 0.95r2.aserdaten wrote: I'm not sure this is accurate. There's a version 0.96 out there renamed Joomla Gallery Manager. I can't speak to the security status though - anyone know for sure?
Mambo Gallery Manager is an abandoned project.
If you really do doubt the accuracy of my report all you have to do is go to security sites yourself to confirm it. mamboturk has given you links to two of them
The question I have is whether or not the 0.96 RC1 release suffers from the same vulnerability as the earlier versions. My guess is that it does suffer from that vulnerability, but I was hoping for an answer from someone actually familiar with 0.96 RC1. With all due respect, you are obviously not that person.
So if anyone has a serious and knowledgeable response to my question, I would be very grateful to hear it.
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Why are you asking about a different product in this thread? If you have concerns about another 3PD script, the best place to ask is in the thread for that script or directly to the developer concerned.
Whether I am familiar with the Joomla component or not is not the topic of this thread which is about the MAMBO GALLERY MANAGER.
Whether I am familiar with the Joomla component or not is not the topic of this thread which is about the MAMBO GALLERY MANAGER.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
I have already sent an email to the developer of the Joomla port about the security issue in question, since it is hosted on Forge. I don't know if he is actively developing the port at the moment.
-
- Joomla! Apprentice
- Posts: 6
- Joined: Wed Aug 02, 2006 10:01 pm
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Thank you, Tonie.
- iainshaw
- Joomla! Explorer
- Posts: 373
- Joined: Thu Aug 18, 2005 6:32 am
- Location: Yorkshire, UK
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
So did anyone identify if 0.96 is affected> Elpie, why the rather short response to the original poster. Renaming a piece of code doesn't make it a new piece of code.
http://www.brilliantliving.co.uk - Smart Home technology and lighting design powered by Joomla!
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Ian, the topic of this thread is the Mambo MGM Component. It is clearly about vulnerabilities in the now-abandoned Mambo script and relates to versions 0.95r2 and 0.95r3. At time of writing, I stated that the Mambo script had not been updated in over a year. The poster who raised the issue of whether Joomla Gallery Manager was also affected clearly did not read the original post in this thread but chose instead to say that he doubted the accuracy of my report. I merely emphasised that the thread topic is about the Mambo component.iainshaw wrote: So did anyone identify if 0.96 is affected> Elpie, why the rather short response to the original poster. Renaming a piece of code doesn't make it a new piece of code.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
A followup on the Joomla version. There has been one release of the Joomla version, looking at the description it is a port only. As stated before, I sent an email to the developer. I haven't received anything back in ten days now. The Joomla version of MGM has therefore been set to "project member access only".
- iainshaw
- Joomla! Explorer
- Posts: 373
- Joined: Thu Aug 18, 2005 6:32 am
- Location: Yorkshire, UK
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Elpie, I think you're doing great work here. And my reply was rather lazy. I've had a look at MGM 0.96 RC1 and I'd say it has the same vulnerability. Damn!
http://www.brilliantliving.co.uk - Smart Home technology and lighting design powered by Joomla!
- ganar
- Joomla! Enthusiast
- Posts: 103
- Joined: Mon Aug 22, 2005 10:19 pm
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Too bad... MGM is great, it does things that no other component does... It looks like the solution to the problem is quite easy
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
The security issues in question have been fixed, the project is also visible again here: http://forge.joomla.org/sf/frs/do/viewS ... anager/frs
- ganar
- Joomla! Enthusiast
- Posts: 103
- Joined: Mon Aug 22, 2005 10:19 pm
- Contact:
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Thanks a lot for the information Tonie, I really appreciate to be able to continue using MGM
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: [ABANDONED] Mambo MGM Component File Inclusion Vulnerability
Will change the title of the topic to reflect this.
- ilox
- Joomla! Explorer
- Posts: 444
- Joined: Thu Aug 25, 2005 3:29 pm
- Location: Adelaide, South Australia
- Contact:
Re: [ABANDONED] Mambo MGM Vulnerability --> Joomla fork with fixes available
Umm, System message says:Tonie wrote: The security issues in question have been fixed, the project is also visible again here: http://forge.joomla.org/sf/frs/do/viewS ... anager/frs
I really liked the way this Gallery worked so if it is now safe to use that would be great. I really don't want to have to learn another Gallery unless it is just a simple to set up and get working as this one was.http://forge.joomla.org/sf/frs/do/selec ... rity_patch
The page you requested cannot be found.
Cheers, Ian
"Always remember. Love is the purest feeling, the wisest thought and the strongest reason. Always!"
by Sea-Life
"Always remember. Love is the purest feeling, the wisest thought and the strongest reason. Always!"
by Sea-Life
- konczal
- Joomla! Explorer
- Posts: 271
- Joined: Mon Mar 13, 2006 9:35 pm
- Location: New Jersey, US
Re: [ABANDONED] Mambo MGM Vulnerability --> Joomla fork with fix
MGM is back in action - they released a patch in December 2007, MGM v0.96 patch level 2:
http://www.macinhouse.com/mgm/component ... /Itemid,1/
-Eddie
http://www.macinhouse.com/mgm/component ... /Itemid,1/
-Eddie