News

Vulnerability : SQL injection, various missing input/output validations: 0.750+

DESCRIPTION
PostNuke is an open source, open development content management system (CMS). PostNuke started as a fork from PHPNuke and provides many enhancements and improvements over the PHP-Nuke system.
PostNuke is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers (including ADODB database abstraction and Smarty templating) is in place.
The PostNuke Development Team was notified about a couple of security issues within the current .760RC2 and has decided to backport the fixes also to the stable .750 package.

VULNERABILTIES
- missing input validation within /modules/Modules/pnadmin.php
- missing input validation within /includes/blocks/past.php
- missing output validation within /modules/Downloads/admin.php
- missing input validation within /modules/Downloads/dl-util.php
- missing input validation within /modules/Downloads/dl-search.php
- possible path disclosure within /modules/News/index.php

SOLUTION
It is recommended that all admins do an immediate upgrade of their sites to v0.750 then apply the latest security fix package available from the locations listed below.
Please note the main package has been updated to include this advisory so there is no need to apply this patch if you have downloaded PostNuke after the date of this announcement.

UPDATED PACKAGES
1. PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-411.html
SIZE: 2410936 Bytes
MD5 checksum: dcb276fa0aae4e22764eb22fd66ccd09
SHA1 checksum: bc8c5ccde62312956f72a144e67efbf65bf82349

2. PostNuke 0.750 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-410.html
SIZE: 3408707 Bytes
MD5 checksum: f49e17d4040892634c53b9fb5afe650c
SHA1 checksum: 82590102de8b0171993eaf94cc73006ad84ae752

3. Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-457.html
SIZE: 26990 Bytes
MD5 checksum: 2e654367bda64f8e9944273991997068
SHA1 checksum: fde99e26357003a8fd36aa7fde0da2859dc2c0b5

4. Security Fix (changed files only) for PostNuke 0.750 (.zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-458.html
SIZE: 32088 Bytes
MD5 checksum: e8b118732f19aa55d80550f6fe4d0caa
SHA1 checksum: f018e4f1d5339dce4b6a8419ac98a555c89945a2

NEW RELEASES
1. PostNuke 0.760RC3 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-459.html
SIZE: 2936077 Bytes
MD5 checksum: FE0A655663073F9F68F878359CD459B3
SHA1 checksum: 7DCE900CE0B4A4940AB18143FE2B82FB526DBC89

2. PostNuke 0.760RC3 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-460.html
SIZE: 4265380 Bytes
MD5 checksum: c2cce796bbf803c7018fa2f4b2891c9f
SHA1 checksum: cb5dc8953a562bcf07bca392dcbe18009942e32c


ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke directory that replaces the current files because by doing this you are applying the security fix to the system fix and this is what is meant by "patching" your system.
If you would like to receive security updates in the future, please subscribe to the PostNuke security list.
SPECIAL NOTE FOR .760RC3
PostNuke .760RC3 is not recommended for production sites. If performing an upgrade to .760 please review manual.txt carefully. Many of the core system modules are upgraded in this release so the process needs to be followed exactly.


CREDITS
The exploits have been originally found by Maksymilian Arciemowicz from http://www.securityreason.com/ and were reported via security contact.


Andreas Krapohl <larsneo>, PostNuke Development Team
February 28th, 2005</larsneo>

CVE references: CAN-2005-0615 / CAN-2005-0616 / CAN-2005-0617