The Joomla! Forum ™

Download

Demo


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 5 posts ] 
  Print view Previous topic | Next topic 
Author Message
stingrey
PostPosted: Tue Feb 21, 2006 10:13 pm 
User avatar
Joomla! Hero
Joomla! Hero
Offline

Joined: Mon Aug 15, 2005 4:36 pm
Posts: 2756
Location: Marikina, Metro Manila, Philippines
2006-02-21 - Joomla! 1.0.x is not affected by recent Mambo Vulnerability

There is some concern in the community about the recent Vunerability that affects the Mambo codebase as announced on the Mambo homepage and here:
http://forum.mamboserver.com/showthread ... post335532

Our internal testing and direct contact with GulfTech Research And Development - the discoverer of the Mambo vunerability - has confirmed that the vunerability does NOT affect the Joomla! 1.0.x codebase.  This security weakness was addressed in Joomla! 1.0.0

However, you need to ensure that you are at least be running Joomla! 1.0.4, as 1.0.3 and below are vulnerable to an unrelated Critical Level security threat as explained in the 1.0.4 release article:
http://www.joomla.org/content/view/498/74/
Critical is Joomla! highest security rating and represents a security vulnerability that can lead to a site loss.

1.0.8 will be out very shortly and all Joomla! users should upgrade to this version.


This is a direct copy of my blog post here:
http://dev.joomla.org/component/option, ... d,33/p,35/

_________________
Rey Gigataras - Joomlatools Team Member
http://www.joomlatools.eu <-- Joomla extensions that just work
http://path.to/rey.gigataras <-- About Me :)
Online Community Manager, Support Engineer, Web Developer, Event Manager, Sports Coach :D


Last edited by Hackwar on Thu Jul 13, 2006 10:27 am, edited 1 time in total.

Top
 Profile  
 
stingrey
PostPosted: Wed Feb 22, 2006 6:14 pm 
User avatar
Joomla! Hero
Joomla! Hero
Offline

Joined: Mon Aug 15, 2005 4:36 pm
Posts: 2756
Location: Marikina, Metro Manila, Philippines
2006-02-20 - Joomla not affected by report about Linux worm targetting Mambo

There is some concern in the community about recent reports over the Electronic press about a Linux worm that utilizes a security flaw in Mambo reported by F-Secure, as can be seen by these 2 reports:
http://www.theregister.co.uk/2006/02/20/linux_worm/
http://www.infoworld.com/article/06/02/ ... 2006-02-27



This is an OLD vulnerability.
This vunerability does NOT affect the latest versions of Mambo or Joomla!
It also has NOTHING to do with a recent vulnerability in Mambo found by Gulftech, which I blogged here:
http://dev.joomla.org/component/option, ... d,33/p,35/

This vulnerability only affects Mambo 4.5.2.0 and was fixed in Mambo 4.5.2.1 on 25th of February 2005:
http://secunia.com/advisories/14337



This means this is a bug now a year old. The only way this vunerability can be exploited is if you are using Mambo 4.5.2.0 - if you are you MUST upgrade to the latest version of Mambo, which is Mambo 4.5.3h + security patch 1. Otherwise I would suggest migrating to Joomla 1.0.7, the instructions for which can be found here:
http://help.joomla.org/content/view/818/132/



This is an exact copy of my blog here:
http://dev.joomla.org/component/option, ... d,33/p,36/

_________________
Rey Gigataras - Joomlatools Team Member
http://www.joomlatools.eu <-- Joomla extensions that just work
http://path.to/rey.gigataras <-- About Me :)
Online Community Manager, Support Engineer, Web Developer, Event Manager, Sports Coach :D


Last edited by Tonie on Sun Apr 16, 2006 9:59 am, edited 1 time in total.

Top
 Profile  
 
stingrey
PostPosted: Fri Mar 03, 2006 6:41 pm 
User avatar
Joomla! Hero
Joomla! Hero
Offline

Joined: Mon Aug 15, 2005 4:36 pm
Posts: 2756
Location: Marikina, Metro Manila, Philippines
2006-03-03 - Latest Secunia Advisory is based on 1.0.8 Release information

http://dev.joomla.org/component/option, ... d,33/p,56/
Quote:
Secunia has released a new security advisory, however if you are running Joomla! 1.0.8 you have NOTHING to worry about:
http://secunia.com/advisories/19105/

In fact their advisory is based on our official Joomla! 1.0.8 Release information, as can be read via this line:
Quote:
  Provided and/or discovered by:
    Reported by the vendor.

Basically it means that they have taken our information here
http://www.joomla.org/content/view/940/74/1/3/
to create their report.

So if you are running Joomla! 1.0.8, NONE of these vunerabilites affect you, as 1.0.8 was specifically released to correct these vunerabilities.
Read the rest of this entry »

_________________
Rey Gigataras - Joomlatools Team Member
http://www.joomlatools.eu <-- Joomla extensions that just work
http://path.to/rey.gigataras <-- About Me :)
Online Community Manager, Support Engineer, Web Developer, Event Manager, Sports Coach :D


Last edited by Tonie on Sun Apr 16, 2006 10:00 am, edited 1 time in total.

Top
 Profile  
 
stingrey
PostPosted: Mon Mar 13, 2006 5:52 pm 
User avatar
Joomla! Hero
Joomla! Hero
Offline

Joined: Mon Aug 15, 2005 4:36 pm
Posts: 2756
Location: Marikina, Metro Manila, Philippines
2006-03-13 - Joomla! 1.0.3 and below is vulnerable to a CRITICAL Security flaw
If you are running Joomla! 1.0.3, 1.0.2, 1.0.1 or 1.0.0 then you MUST upgrade to at LEAST 1.0.4

Joomla! 1.0.3 and below are vulnerable to a CRITCIAL LEVEL security threat.
Critical is the highest security rating we give to a vulnerability.

This vulnerability can lead to your site being hacked/attacked by malicious users and lead to a loss of control of your site.
There have been confirmed reports of sites running these versions of Joomla! being attacked by this vulnerability and there are automated scripts that parse the internet and automatically test sites for this vulnerability - even non-joomla sites.

We highly recommend you upgrade to the latest version of Joomla!:
http://www.joomla.org/content/blogcategory/32/66/

The succeeding versions of Joomla! have additional lower level security fixes.

_________________
Rey Gigataras - Joomlatools Team Member
http://www.joomlatools.eu <-- Joomla extensions that just work
http://path.to/rey.gigataras <-- About Me :)
Online Community Manager, Support Engineer, Web Developer, Event Manager, Sports Coach :D


Last edited by Tonie on Sun Apr 16, 2006 10:00 am, edited 1 time in total.

Top
 Profile  
 
Hackwar
PostPosted: Thu Jul 13, 2006 10:26 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Fri Sep 16, 2005 8:41 pm
Posts: 3745
Location: NRW - Germany
In all Joomla! versions up to 1.0.9 there have been two security vulnerabilities. One of these was a High Level Security threat, therefore we strongly advise you to upgrade to at least 1.0.10!!

Vulnerabilities:

SQL Injection into Weblinks component
This vulnerability is of a very critical nature and could allow people direct access to your site. This also affects your site when the component is not published! Read more about it here. This has been fixed in Joomla! 1.0.10!

XSS Cross-Site Scripting vulnerability
This is a Low Level security threat. Read more about it here

We highly recommend you upgrade to the latest version of Joomla!:
http://www.joomla.org/content/blogcategory/32/66/

The succeeding versions of Joomla! have additional lower level security fixes.

_________________
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.

Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 5 posts ] 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group