VULNERABILITIES
Arbitrary SQL code execution via adodb (when db-user is 'root' without password)
SOLUTION
It is recommended that all admins check for the following files and folders and remove them if found:
/includes/classes/adodb/server.php
/includes/classes/adodb/cute_icons_for_site
/includes/classes/adodb/PEAR
/includes/classes/adodb/contrib
/includes/classes/adodb/session/old
/includes/classes/adodb/tests
Securing the whole /includes/classes directory from web access provides an extra layer of security, by protecting against potential as-yet undiscovered security risks in libraries.
The following .htaccess file, placed in the /includes/classes directory, will secure the directory:
order allow,deny
deny from all
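The two checks recommended above, as an added shell script that is not part of the advisory: it reports any of the listed adodb paths still present under a PostNuke install root (the root path, passed as an argument, is an assumption) and verifies that includes/classes/.htaccess carries both of the directives shown.

```shell
#!/bin/sh
# Added example (not part of the advisory): audit a PostNuke install root for the
# adodb paths the advisory says to remove, and check that includes/classes is
# protected by the recommended .htaccess. The install root path is an assumption.

RISKY_PATHS="includes/classes/adodb/server.php
includes/classes/adodb/cute_icons_for_site
includes/classes/adodb/PEAR
includes/classes/adodb/contrib
includes/classes/adodb/session/old
includes/classes/adodb/tests"

# Prints each risky path still present under $1; returns 1 if any found, 0 otherwise.
find_leftover_adodb() {
    root="$1"; found=0
    for p in $RISKY_PATHS; do
        if [ -e "$root/$p" ]; then
            echo "LEFTOVER: $root/$p"
            found=1
        fi
    done
    return $found
}

# Returns 0 only if $1/includes/classes/.htaccess exists and carries both directives.
htaccess_denies_all() {
    f="$1/includes/classes/.htaccess"
    [ -f "$f" ] || return 1
    grep -qi '^[[:space:]]*order[[:space:]]*allow,deny' "$f" || return 1
    grep -qi '^[[:space:]]*deny[[:space:]]*from[[:space:]]*all' "$f"
}

# Full audit of one install root: returns 0 when clean, 1 when action is needed.
postnuke_adodb_audit() {
    root="$1"; rc=0
    find_leftover_adodb "$root" || rc=1
    if htaccess_denies_all "$root"; then
        echo "OK: $root/includes/classes is blocked from web access"
    else
        echo "MISSING: $root/includes/classes/.htaccess (order allow,deny / deny from all)"
        rc=1
    fi
    return $rc
}

# Usage: postnuke_adodb_audit /var/www/postnuke   (path is a placeholder)
```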
The main packages have been updated; the hash sums for PostNuke CMS Platinum Edition 0.761a are:
PostNuke-0.761a.tar.gz
MD5: 0610c53c4bed0311862ccf422a68d6a5
SHA1: 0006f488cdb6ea53e532d9754a88fb17987a3a8c
PostNuke-0.761a.zip
MD5: e82bd983901e27e44ab8f82cc359dd00
SHA1: 3432699ded203a1b1fb2cdb6b1fab6cdbd367a4a
Download from downloads.postnuke.com
CREDITS
The exploit was originally discovered by Secunia (http://www.secunia.com); additional information was provided by Maksymilian Arciemowicz (http://www.securityreason.com)
REFERENCES
secunia.com/advisories/18260/
phplens.com/lens/lensforum/msgs.php?id=9350
Andreas Krapohl [larsneo]
PostNuke CMS Development Team