Arbitrary SQL code execution via adodb (when DB-user is 'root' without password)
DESCRIPTION
PostNuke is an Open Source, open-development content management system (CMS). PostNuke is still undergoing development, but a large number of core functions are now stabilizing and a complete API for third-party developers is now implemented. The PostNuke CMS Development Team was notified by secunia.com about a vulnerability in the adodb database abstraction layer.
VULNERABILITIES
Arbitrary SQL code execution via adodb (when DB-user is 'root' without password)
SOLUTION
It is recommended that all admins check for the following files and folders and remove them if found:
/includes/classes/adodb/server.php
/includes/classes/adodb/cute_icons_for_site
/includes/classes/adodb/PEAR
/includes/classes/adodb/contrib
/includes/classes/adodb/session/old
/includes/classes/adodb/tests
Securing the whole /includes/classes directory from web access provides an extra layer of security, by protecting against potential as-yet undiscovered security risks in libraries.
The following .htaccess file, placed in the /includes/classes directory, will secure the directory:
order allow,deny
deny from all
The main packages have been updated; the checksums for PostNuke CMS Platinum Edition 0.761a are:
PostNuke-0.761a.tar.gz
MD5: 0610c53c4bed0311862ccf422a68d6a5
SHA1: 0006f488cdb6ea53e532d9754a88fb17987a3a8c
PostNuke-0.761a.zip
MD5: e82bd983901e27e44ab8f82cc359dd00
SHA1: 3432699ded203a1b1fb2cdb6b1fab6cdbd367a4a
Download from downloads.postnuke.com
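The three steps above (remove the leftover ADOdb files, deny web access to /includes/classes, verify the replacement package against the published checksums) can be scripted. The following helper is an added example written for this page; it is not part of the advisory or of the PostNuke distribution. It assumes the PostNuke document root is passed as an argument, that GNU coreutils md5sum/sha1sum are available, and that the site runs under Apache. Note that "order allow,deny / deny from all" is Apache 2.2 syntax: on Apache 2.4 without mod_access_compat those directives cause a 500 error, so the generated .htaccess also carries the 2.4 equivalent "Require all denied" behind IfModule guards.

```shell
#!/bin/sh
# Added example (not PostNuke code): apply the advisory's SOLUTION steps.
# Usage: . ./postnuke-fix.sh; postnuke_remove_stale /var/www/postnuke
#        postnuke_protect_classes /var/www/postnuke
#        postnuke_verify_archive PostNuke-0.761a.tar.gz <md5> <sha1>

# Paths the advisory says to delete, relative to the PostNuke root.
STALE_ADODB_PATHS="includes/classes/adodb/server.php
includes/classes/adodb/cute_icons_for_site
includes/classes/adodb/PEAR
includes/classes/adodb/contrib
includes/classes/adodb/session/old
includes/classes/adodb/tests"

# Remove each leftover file or directory that exists under $1.
# Prints one line per path removed; leaves the rest of adodb untouched.
postnuke_remove_stale() {
    root=$1
    for rel in $STALE_ADODB_PATHS; do   # paths contain no spaces or globs
        target="$root/$rel"
        if [ -e "$target" ]; then
            rm -rf -- "$target"
            echo "removed: $target"
        fi
    done
}

# Write an .htaccess into $1/includes/classes that denies all web access.
# The first block is the advisory's Apache 2.2 syntax (also honoured by
# mod_access_compat); the second is the Apache 2.4 form.
postnuke_protect_classes() {
    dir="$1/includes/classes"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    cat > "$dir/.htaccess" <<'EOF'
<IfModule !mod_authz_core.c>
    order allow,deny
    deny from all
</IfModule>
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
EOF
    echo "wrote: $dir/.htaccess"
}

# Check a downloaded archive against the MD5 and SHA1 values from the
# advisory: $1=file $2=expected md5 $3=expected sha1.  Returns 0 only when
# both digests match, so a tampered or truncated download is rejected.
postnuke_verify_archive() {
    file=$1; want_md5=$2; want_sha1=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    got_md5=$(md5sum -- "$file" | cut -d' ' -f1)
    got_sha1=$(sha1sum -- "$file" | cut -d' ' -f1)
    if [ "$got_md5" = "$want_md5" ] && [ "$got_sha1" = "$want_sha1" ]; then
        echo "ok: $file"
        return 0
    fi
    echo "MISMATCH: $file md5=$got_md5 sha1=$got_sha1" >&2
    return 1
}
```

After installing the .htaccess, request /includes/classes/adodb/adodb.inc.php through the web server and confirm it returns 403; a 500 means the directive syntax does not match the Apache version in use.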
CREDITS
The issue was originally discovered by Secunia (http://www.secunia.com); additional information was provided by Maksymilian Arciemowicz (http://www.securityreason.com).
REFERENCES
secunia.com/advisories/18260/
phplens.com/lens/lensforum/msgs.php?id=9350
Andreas Krapohl [larsneo]
PostNuke CMS Development Team
Posted by
larsneo
on Monday, January 09, 2006
