Ravens PHP Scripts

Joomla! Multiple Vulnerabilities
Date: Wednesday, September 10, 2008 @ 16:38:53 CEST
Topic: Security


SECUNIA ADVISORY ID: SA31789

VERIFY ADVISORY: http://secunia.com/advisories/31789/

CRITICAL: Moderately critical

IMPACT: Unknown, Brute force

SOFTWARE: Joomla! 1.x - http://secunia.com/advisories/product/5788/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Joomla!, where some have an unknown impact and others can potentially be exploited by malicious people to conduct brute force attacks. The vulnerabilities and security issue are reported in versions prior to version 1.5.7.



1) A security issue is caused due to an error when generating random numbers and can potentially be exploited to guess a generated token or password.
2) An input validation error exists within JRequest, which can be exploited to inject certain characters into returned data.
3) An input validation error exists within the "mailto" component before sending mails.

SOLUTION: Update to version 1.5.7.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stefan Esser.
2) The vendor credits Andrew Eddie.
3) The vendor credits Phil Taylor.
ORIGINAL ADVISORY: http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3448