
PostNuke Security Advisory 2006-1

Contributed by on Jan 09, 2006 - 08:13 PM

VULNERABILITIES

Arbitrary SQL code execution via the bundled adodb library (when the database user is 'root' without a password)

SOLUTION

It is recommended that all admins check for the following files and folders and remove them if found:

/includes/classes/adodb/server.php

/includes/classes/adodb/cute_icons_for_site

/includes/classes/adodb/PEAR

/includes/classes/adodb/contrib

/includes/classes/adodb/session/old

/includes/classes/adodb/tests

Securing the whole /includes/classes directory from web access provides an extra layer of defence, protecting against as-yet undiscovered vulnerabilities in the bundled libraries.

The following .htaccess file, placed in the /includes/classes directory, will secure the directory:

order allow,deny

deny from all
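As an added example (not part of the advisory and not PostNuke's own tooling), the following POSIX shell script carries out the steps above on a PostNuke installation: it reports any of the listed ADOdb files and folders that are still present, removes them, and installs the recommended .htaccess in includes/classes. It assumes the webroot is passed as the first argument and that the directory shown above with a stray space is ADOdb's cute_icons_for_site.

```shell
#!/bin/sh
# Added example, not from the PostNuke advisory or project: audit a PostNuke
# webroot for the ADOdb files and folders the advisory says to remove, remove
# them, and install the recommended .htaccess in includes/classes.
# Assumptions: POSIX sh; the webroot is passed as the first argument.

# Paths named in the advisory, relative to the PostNuke webroot
# (cute_icons_for_site is assumed to be the directory shown with a stray space).
ADODB_LEFTOVERS="includes/classes/adodb/server.php
includes/classes/adodb/cute_icons_for_site
includes/classes/adodb/PEAR
includes/classes/adodb/contrib
includes/classes/adodb/session/old
includes/classes/adodb/tests"

# List every leftover path still present under $1; return 1 if any exists.
find_leftovers() {
    webroot=$1
    found=0
    for rel in $ADODB_LEFTOVERS; do
        if [ -e "$webroot/$rel" ]; then
            echo "FOUND: $webroot/$rel"
            found=1
        fi
    done
    return $found
}

# Delete the leftover paths under $1 (only the fixed list above, nothing else).
remove_leftovers() {
    webroot=$1
    for rel in $ADODB_LEFTOVERS; do
        if [ -e "$webroot/$rel" ]; then
            rm -rf "$webroot/$rel"
            echo "REMOVED: $webroot/$rel"
        fi
    done
}

# Write the advisory's two-line .htaccess into $1/includes/classes.
write_htaccess() {
    dir="$1/includes/classes"
    mkdir -p "$dir"
    printf 'order allow,deny\ndeny from all\n' > "$dir/.htaccess"
}

# Return 0 if $1/includes/classes/.htaccess denies all access (Apache 2.2 syntax).
htaccess_ok() {
    f="$1/includes/classes/.htaccess"
    [ -f "$f" ] || return 1
    grep -Eqi '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all[[:space:]]*$' "$f"
}

# Command-line use: sh adodb_audit.sh /path/to/postnuke
if [ $# -ge 1 ]; then
    root=$1
    if find_leftovers "$root"; then
        echo "No ADOdb leftovers found under $root"
    else
        remove_leftovers "$root"
    fi
    if htaccess_ok "$root"; then
        echo "includes/classes/.htaccess already denies web access"
    else
        write_htaccess "$root"
        echo "Wrote $root/includes/classes/.htaccess"
    fi
fi
```

Two caveats when relying on the .htaccess: the order/deny directives are Apache 2.2 syntax, and on Apache 2.4 without mod_access_compat the equivalent is Require all denied; in either version the directory's AllowOverride setting must permit .htaccess files, otherwise the file is silently ignored. After applying it, requesting any file under /includes/classes/ from a browser should return 403.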

The main packages have been updated; the hash sums for PostNuke CMS Platinum Edition 0.761a are:

PostNuke-0.761a.tar.gz

MD5: 0610c53c4bed0311862ccf422a68d6a5

SHA1: 0006f488cdb6ea53e532d9754a88fb17987a3a8c

PostNuke-0.761a.zip

MD5: e82bd983901e27e44ab8f82cc359dd00

SHA1: 3432699ded203a1b1fb2cdb6b1fab6cdbd367a4a

Download from downloads.postnuke.com
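As an added example (not part of the advisory and not PostNuke's own tooling), this POSIX shell script checks a downloaded 0.761a archive against both published sums before it is unpacked and refuses the file if either digest differs. It assumes GNU md5sum and sha1sum are on the PATH; the digest values are the ones listed above.

```shell
#!/bin/sh
# Added example, not from the PostNuke advisory or project: verify a downloaded
# 0.761a archive against the MD5 and SHA1 sums published in the advisory before
# unpacking it, and refuse the file if either digest differs.
# Assumptions: POSIX sh with GNU md5sum and sha1sum on PATH.

# Published digests from the advisory, keyed by archive name.
expected_md5() {
    case $1 in
        PostNuke-0.761a.tar.gz) echo 0610c53c4bed0311862ccf422a68d6a5 ;;
        PostNuke-0.761a.zip)    echo e82bd983901e27e44ab8f82cc359dd00 ;;
        *) return 1 ;;
    esac
}

expected_sha1() {
    case $1 in
        PostNuke-0.761a.tar.gz) echo 0006f488cdb6ea53e532d9754a88fb17987a3a8c ;;
        PostNuke-0.761a.zip)    echo 3432699ded203a1b1fb2cdb6b1fab6cdbd367a4a ;;
        *) return 1 ;;
    esac
}

# verify_file FILE MD5 SHA1: return 0 only when both digests match.
verify_file() {
    file=$1 want_md5=$2 want_sha1=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    have_sha1=$(sha1sum "$file" | cut -d' ' -f1)
    status=0
    [ "$have_md5" = "$want_md5" ] || { echo "MD5 mismatch: $file" >&2; status=1; }
    [ "$have_sha1" = "$want_sha1" ] || { echo "SHA1 mismatch: $file" >&2; status=1; }
    return $status
}

# verify_release PATH: look up the published sums by the archive's base name.
verify_release() {
    name=$(basename "$1")
    want_md5=$(expected_md5 "$name") || { echo "no published sums for $name" >&2; return 1; }
    want_sha1=$(expected_sha1 "$name")
    verify_file "$1" "$want_md5" "$want_sha1"
}

# Command-line use: sh verify_postnuke.sh PostNuke-0.761a.tar.gz
if [ $# -ge 1 ]; then
    if verify_release "$1"; then
        echo "OK: $1 matches the published sums"
    else
        echo "REJECTED: do not unpack $1" >&2
        exit 1
    fi
fi
```

Both MD5 and SHA1 are no longer collision-resistant, so these sums mainly guard against truncated, corrupted or mismatched downloads; they are also only as trustworthy as the page that published them, which is why checking both, obtained from the advisory rather than from the download site, is worth the extra line.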

CREDITS

The vulnerability was originally discovered by Secunia (http://www.secunia.com); additional information was provided by Maksymilian Arciemowicz (http://www.securityreason.com).

REFERENCES

secunia.com/advisories/18260/

phplens.com/lens/lensforum/msgs.php?id=9350

Andreas Krapohl [larsneo]

PostNuke CMS Development Team