[UPGRADE AVAIL.] Security Images Vulnerability

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

[UPGRADE AVAIL.] Security Images Vulnerability

Postby Elpie » Mon Jul 31, 2006 1:29 pm

Remote file include exploit is in the wild.
Last edited by RobS on Thu Aug 10, 2006 8:17 pm, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

Kindred
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 182
Joined: Thu Aug 18, 2005 8:43 pm
Contact:

Re: Security Images 3.0.5

Postby Kindred » Mon Jul 31, 2006 2:15 pm

more specifics? ???

User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

Re: Security Images 3.0.5

Postby Elpie » Mon Jul 31, 2006 2:47 pm

I wish I could give more specifics, but as far as I am aware an official advisory has not yet been issued. I got my information from two blackhat sites, both giving scripts to use.  I can only share that information with the projects developers, sorry :(
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

joomlaturk
Joomla! Explorer
Joomla! Explorer
Posts: 469
Joined: Thu Aug 18, 2005 10:40 pm
Location: las vegas USA
Contact:

Re: Security Images 3.0.5

Postby joomlaturk » Mon Jul 31, 2006 4:28 pm

TITLE:
Joomla Security Images Component File Inclusion

SECUNIA ADVISORY ID:
SA21260

VERIFY ADVISORY:
http://secunia.com/advisories/21260/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/

DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.

Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in version 3.0.5. Other
version may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2083

----------------------------------------------------------------------
joomla 1.6 Türk destek sitesi http://www.joomlaturk.net/

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Security Images 3.0.5

Postby RobS » Tue Aug 01, 2006 6:09 am

Thanks all for the info... added to the official list.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

averan
Joomla! Apprentice
Joomla! Apprentice
Posts: 48
Joined: Thu Nov 03, 2005 4:46 pm

Re: Security Images 3.0.5

Postby averan » Tue Aug 01, 2006 6:26 pm

it seems to me that anyone who understands php could easily patch Security Images.

only 2 files are listed as liabilities....

and the fix suggested in this forum is to harden the call to

Code: Select all

require_once($mosConfig_absolute_path."/administrator/components/com_securityimages/lang.php");
by defining the absolute path:

Code: Select all

define( 'YOURBASEPATH', dirname(__FILE__) );
 require_once( YOURBASEPATH . '/file_to_include.php' );


unfortunately, i don't know php well enough to apply this.

anyone?

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Security Images 3.0.5

Postby Tonie » Tue Aug 01, 2006 8:50 pm

Version 3.06 has been brought out: http://forge.joomla.org/sf/projects/com_securityimages .

User avatar
tarquel
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Sun Jan 29, 2006 7:49 pm
Location: Machynlleth, Mid-Wales, UK
Contact:

Re: Security Images 3.0.5

Postby tarquel » Tue Aug 01, 2006 10:14 pm

wish i could get the new one to work :(

Using 3.0.6 and the latest Akobook version, but it just refuses to work.

Only can get the freecap plugin to appear - the other two just dont do anything - and even though it appears to work, when u submit the guestbook entry - having put the secuity word in, it doesnt work.

I thought that I was being dumb and that I hadnt realised it was case sensitive - but either I'm blind, or it really doesnt want to know.

I did wonder whether the hardening of the latest joomla but i'm not sure.

If anyone wants to try and see, go to the guestbook at: http://www.threeminutewarning.co.uk

I really feel like never updating any component or Joomla itself again as something always goes wrong hehe

/rant ;)

Cheers
Nath.
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net

User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

Re: Security Images 3.0.5

Postby Elpie » Wed Aug 02, 2006 1:44 am

Nath - make sure you report this on the bug tracker on the forge's project pages.
Project devs do see these reports but may miss seeing forum posts.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

User avatar
tarquel
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Sun Jan 29, 2006 7:49 pm
Location: Machynlleth, Mid-Wales, UK
Contact:

Re: Security Images 3.0.5

Postby tarquel » Wed Aug 02, 2006 5:31 pm

Hi there

I've just posted a topic on their forum at http://forums.waltercedric.com/index.ph ... ,16.0.html

Can't seem to find the SF for the project hehe Maybe its me being dumb or something today lol

Cheers
Nath.
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net

elmoch
Joomla! Explorer
Joomla! Explorer
Posts: 410
Joined: Fri Aug 26, 2005 10:13 pm
Location: Spain
Contact:

Re: Security Images 3.0.5

Postby elmoch » Wed Aug 02, 2006 10:44 pm

tarquel wrote:Hi there

I've just posted a topic on their forum at http://forums.waltercedric.com/index.ph ... ,16.0.html

Can't seem to find the SF for the project hehe Maybe its me being dumb or something today lol

Cheers
Nath.


Hi Nath,

From Walter Cedric's wiki you are referred to http://developer.joomla.org/sf/sfmain/d ... rityimages .
So that's the place to go!  :)
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test

User avatar
tarquel
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Sun Jan 29, 2006 7:49 pm
Location: Machynlleth, Mid-Wales, UK
Contact:

Re: Security Images 3.0.5

Postby tarquel » Wed Aug 02, 2006 11:26 pm

ahhhhh thats the one :)

Thanks [and it looks like all my problems have been mentioned already - except integration into the SMF Bridge perhaps]

Cheers
Nath.
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net

karryberry
I've been banned!
Posts: 21
Joined: Wed Dec 19, 2007 10:36 pm

Re: Security Images 3.0.5

Postby karryberry » Thu Dec 20, 2007 4:36 pm

Elpie wrote:I wish I could give more specifics, but as far as I am aware an official advisory has not yet been issued. I got my information from two blackhat sites, both giving scripts to use.  I can only share that information with the projects developers, sorry :(


tell me more.
smile


Return to “3rd Party/Non Joomla! Security Issues”

Who is online

Users browsing this forum: No registered users and 2 guests