Zoom Media Gallery version 2.5.1 RC4 and prior

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11305
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Zoom Media Gallery version 2.5.1 RC4 and prior

Postby brian » Sat Apr 14, 2007 12:26 pm

A vulnerability has been identified in zOOm Media Gallery , which could be exploited by remote attackers to execute arbitrary commands. This issue is due to an input validation error in the "lib/iptc/EXIF_Makernote.php" script that does not validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Source  http://www.frsirt.com/english/advisories/2007/1353
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
mikedeboer
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sat Aug 20, 2005 3:59 pm
Contact:

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby mikedeboer » Sat Apr 14, 2007 9:17 pm

I already knew about this vulnerability in ZMG, and I fixed it a while back too... It just hasn't been released yet - because I didn't have the time to do it!

To be honest, I don't have the time anymore to work on ZMG. I need some developers... and fast! You know anyone? :P

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11305
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby brian » Sat Apr 14, 2007 9:58 pm

Sorry Mike,not my strongpoint.

Maybe put a post asking for developers in another part of the forum
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

ZZzzzz
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Feb 26, 2007 7:13 am

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby ZZzzzz » Sun Apr 15, 2007 5:07 pm

mikedeboer wrote:I already knew about this vulnerability in ZMG, and I fixed it a while back too... It just hasn't been released yet - because I didn't have the time to do it!

To be honest, I don't have the time anymore to work on ZMG. I need some developers... and fast! You know anyone? :P

Hi Mike where I can sign-up.

User avatar
mikedeboer
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sat Aug 20, 2005 3:59 pm
Contact:

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby mikedeboer » Mon Apr 16, 2007 8:30 am

Thanks Brian, I will.

ZZzzzz wrote:Hi Mike where I can sign-up.


If it's possible, could you send a short resumee (or something listing your experience) to 'mike AT zoomfactory DOT org'...or simply PM me :)

ZZzzzz
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Feb 26, 2007 7:13 am

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby ZZzzzz » Mon Apr 16, 2007 1:13 pm

To fix the security please update the EXIF_Makernote.php and EXIF.php with the ones include in this attachment.
Put it in the /components/com_zoom/lib/iptc/

a new release will be available soon on the zoom factory website

http://www.zoomfactory.org
You do not have the required permissions to view the files attached to this post.

a.fraile
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Mon Dec 05, 2005 11:04 am

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby a.fraile » Thu May 03, 2007 10:44 pm

brian wrote:which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.


I suppose that includes putting an .asp file containing facilities to examine your site files and deface it anytime (see attached screenshot)? Or should I be looking for something else here?

It worries me that once they put that file on your site, they can get your db details from configuration.php. You can imagine they can get whatever ftp account details are stored unprotected in any of the php files, for example in file safemode.php which is used by ZoomGallery component for allowing image uploading when/if safe mode is set to on, which many hosting providers still do today...

Any solution to protecting the db account details? How does Joomla address this, i.e. information in configuration.php being exposed? I know upgrading to the latest Joomla version and the latest versions of 3rd party add-ons is critical but there will always be security flaws to fix surely.

Regards,

A.Fraile

EDIT MOD: image doing publicity for hacker removed. No need to help the hackers.  ;)
Last edited by infograf768 on Wed May 30, 2007 7:23 am, edited 1 time in total.

althoffm
Joomla! Apprentice
Joomla! Apprentice
Posts: 44
Joined: Thu Mar 30, 2006 10:55 am

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby althoffm » Sun Jul 08, 2007 11:10 am

ZZzzzz wrote:To fix the security please update the EXIF_Makernote.php and EXIF.php with the ones include in this attachment.
Put it in the /components/com_zoom/lib/iptc/ a new release will be available soon on the zoom factory website
http://www.zoomfactory.org


Bit confused but if I understand right from Zoom forum messages.

1. The hack will not work if register globals is set off in both php as well as globals.php?
2. If using rc4 or prior your patch should be applied? Is the patch applied in the lastest Zoom download on the Zoom website why is the patch not available from the official Zoom website?

cadenza
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Fri Dec 28, 2007 5:55 pm

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby cadenza » Fri Dec 28, 2007 6:04 pm

Hi!!

need urgent help! my site has been defaced! a gif picture had been added to the ZMG main page between 2 of my galleries. How can I get rid of it?

althoffm
Joomla! Apprentice
Joomla! Apprentice
Posts: 44
Joined: Thu Mar 30, 2006 10:55 am

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby althoffm » Fri Dec 28, 2007 7:35 pm

cadenza wrote:Hi!! need urgent help! my site has been defaced! a gif picture had been added to the ZMG main page between 2 of my galleries. How can I get rid of it?


Can we have some more information which version are you using, did you apply the security patch posted by Mike, your security settings globals etc…

cadenza
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Fri Dec 28, 2007 5:55 pm

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby cadenza » Sat Dec 29, 2007 4:16 am

I am currently using ver 2.5.1 RC1. Nope, yet to apply the files. Pardon me to ask where to find the 2 update files mentioned earlier on in this thread?

any idea how I can remove the inserted gif inbetween my photo galleries? which file has been changed in ZMG directory? I know the file name of the inserted picture but do seem to be able to locate it in my server directories/files...

Thanks in advanced!

althoffm
Joomla! Apprentice
Joomla! Apprentice
Posts: 44
Joined: Thu Mar 30, 2006 10:55 am

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby althoffm » Sun Dec 30, 2007 1:25 pm

cadenza wrote: I am currently using ver 2.5.1 RC1. Nope, yet to apply the files. Pardon me to ask where to find the 2 update files mentioned earlier on in this thread? any idea how I can remove the inserted gif inbetween my photo galleries? which file has been changed in ZMG directory? I know the file name of the inserted picture but do seem to be able to locate it in my server directories/files...


There is a vulnerability [1] in all version prior to 2.5.1 RC4. I would start by removing your current version since it is hard to tell which files have been compromised and load the latest version from the Zoom website [2]. For the patch posted in this thread you have to login, the second message from ZZzzzz (April 16, 2007, 09:13:21 AM) contains file.

[1] http://help.joomla.org/component/option,com_easyfaq/task,view/id,186/Itemid,268/
[2] http://www.zoomfactory.org/index.php?option=com_remository&Itemid=61&func=select&id=1

cadenza
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Fri Dec 28, 2007 5:55 pm

Re: Zoom Media Gallery version 2.5.1 RC4 and prior

Postby cadenza » Sun Dec 30, 2007 2:37 pm

Thanks! but is there a way to do it so that my existing galleries will remain? ie. upgrade instead of a re-installation?


Return to “3rd Party/Non Joomla! Security Issues”

Who is online

Users browsing this forum: No registered users and 3 guests