[UNIX] Beehive Forum Software SQL Injection Vulnerability



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Beehive Forum Software SQL Injection Vulnerability
------------------------------------------------------------------------


SUMMARY

<http://www.beehiveforum.net/> Beehive Forum is "an open source web based
forum application written in PHP". A vulnerability exists in the Beehive
Forum software that could allow a remote user to execute SQL injection
attacks. These attacks could compromise sensitive data including usernames
and passwords for the Beehive application. Arbitrary data from other
applications hosted on the same server could also be compromised,
depending on the configuration of MySQL.

DETAILS

Vulnerable Systems:
* Beehive Forum version 0.7.1

Immune Systems:
* Beehive Forum version 0.8

This vulnerability exists because of a failure in the application to
properly sanitize user input for the variable "t_dedupe". This variable is
accepted as input in the page "post.php". The value of this variable is
then included in an SQL statement which is executed with the PHP function
"@mysql_query". This function is specifically designed to mitigate the
effects of an SQL injection attack by not allowing multiple SQL statements
in one call. However, it is still possible to manipulate the SQL statement
through the "t_dedupe" variable to obtain arbitrary data from the
database.

Vendor Response:
There is a security vulnerability in Beehive Forum that could allow for
user logon and password MD5 hash disclosure.

This vulnerability has been fixed in the latest release of the product,
Beehive Forum 0.8. It is recommend all users immediately obtain the newest
version of Beehive Forum to protect against this threat.

Project Beehive Forum is available for download from the project website
at <http://www.beehiveforum.net/> http://www.beehiveforum.net/

If there are any further questions about this statement, please contact a
member of the development team.

Recommendation:
It is recommend all users immediately obtain the newest version of Beehive
Forum to protect against this threat. Project Beehive Forum is available
for download from the project website at <http://www.beehiveforum.net/>
http://www.beehiveforum.net/.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6014>
CVE-2007-6014


ADDITIONAL INFORMATION

The information has been provided by <mailto:robert_brown@xxxxxxxxxxxx>
Nick Bennett and Robert Brown.



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [UNIX] PHPNuke Multiple Vulnerabilities in Search Module
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... cross-site scripting and SQL injections located throughout the ... The vulnerability exists in the ... The first SQL injection vulnerability is a non-critical one in the ...
    (Securiteam)
  • [UNIX] Multiple Vulnerabilities in NukeBookmarks (Full path disclosure, Cross Site Scripting, SQL I
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Cross Site Scripting and SQL Injection ... Full Path Disclosure Vulnerability: ...
    (Securiteam)
  • [UNIX] osCommerce SQL Injection Vulnerability (create_account_process.php)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... vulnerability in the product allows remote attackers to gain elevated ... * osCommerce version 2.2-MS1, possibly older versions. ... osCommerce is vulnerable to SQL Injection vulnerability in the ...
    (Securiteam)
  • [NT] Multiple Vulnerabilities in GoSmart Message Board
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... a SQL Injection vulnerability and a Cross Site ...
    (Securiteam)
  • [UNIX] Trend Micro VirusWall Buffer Overflow in VSAPI Library
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... buffer overflow vulnerability in VSAPI library allows arbitrary code ... is called "vscan" which is set suid root by default. ... permissions and thus granted all local users the privilege to execute the ...
    (Securiteam)