[UNIX] Slashcode Login Vulnerability (Patch Available)

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 20 Feb 2002 22:50:25 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Slashcode Login Vulnerability (Patch Available)
------------------------------------------------------------------------

SUMMARY

Slash, the code that runs Slashdot and many other web sites, has a
cross-site scripting vulnerability in all versions prior to 2.2.5,
released February 7, 2002.

Users who have JavaScript enabled, and who can be persuaded to click on an
attacker's URL on a victim Slash website, will send their Slash cookie,
with username and password, to the attacker's website.

The attacker can then take over the user's account. If the user is an
administrator of the victim Slash website, the attacker can take nearly
full control of that site (post and delete stories, edit users, post as
other users, etc.).

DETAILS

Vulnerable systems:
Any Slash system running code prior to 2.2.5 (released February 7, 2002).
This includes 1.x and 2.0.x as well as 2.2.0 through 2.2.4. Sites using
the development code from CVS since February 7 are unaffected.

Resolution:
Slash 2.1 and 2.2 sites should upgrade to Slash 2.2.5 immediately. Systems
running development code from CVS should run CVS update and install the
most recent code.

Slash 1.0.x and 2.0.x are no longer supported and there will not be
further releases. Sites running these versions should apply the patches
at this URL:

   http://slashcode.com/article.pl?sid=02/02/07/1624221

Furthermore, site administrators should change their passwords, and check
the "seclev" field in the users table to make sure that no one who should
not have administrator privileges has a seclev greater than or equal to
100:

  mysql> SELECT uid, nickname, seclev FROM users WHERE seclev >= 100;

That should list only users with some administrator privileges.

As always, Slash site administrators should subscribe to the
slashcode-general or slashcode-announce mailing lists, to keep up to date
on the latest releases and security notices. Subscription information is
on the Slashcode site: http://slashcode.com/

ADDITIONAL INFORMATION

The information has been provided by Hiromitsu Takagi (takagi at ETL.GO.JP)
and Jamie McCarthy (jamie@mccarthy.vg).

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
