AOH :: HP Unsorted O :: VA3043.HTM

OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities



OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities
OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities



=======================================================================OpenX security advisory                                OPENX-SA-2009-002
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2009-002
Date:                  2009-Apr-01
Security risk:         Critical
Applications affetced: OpenX
Versions affected:     <= 2.4.10, <= 2.6.4, <= 2.7.29-beta
Versions not affected: >= 2.4.11, >= 2.6.5, >= 2.8.0
=======================================================================

=======================================================================Multiple vulnerabilities Discovered by Sandro Gauci
=======================================================================
Description
-----------
A security review was recently being conducted on Openx 2.6.4 by Sandro
Gauci. As part of the review he reported the following vulnerabilities:

  - SQL injection in adview.php and other delivery scripts because of
   missing or improper validation of the "OAID" cookie;
  - SQL injection in tjs.php because of missing or improper validation
   of the "referer" GET parameter;
  - XSS vulnerability in sso-accounts.php because of missing or improper
   validation of the "email" GET parameter (2.4.x not affected)
  - Possible arbitrary file deletion in tjs.php via the "trackerid" GET
   parameter
  - Possible CRLF injection in various delivery files because of missing
   sanitisation of parameters (PHP 4.4.2 or 5.1.2 and follwing versions
   are not affected)
  - Possible arbitrary file deletion in various delivery scripts

Both the SQL injection vulnerabilities can be remotely exploited by
unauthenticated attackers: upgrading is strongly advised.

References
----------
https://developer.openx.org/jira/browse/OX-4867
http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt 


=======================================================================Vulnerabilites previously repoted by Secunia
=======================================================================
Description
-----------
A security review was previously conducted by Sarid Harper on behalf of
Secunia and led to the release of OpenX 2.4.10 and 2.6.4 fo fix a number
of vulnerabilities. He recently reported that OpenX 2.6.4 was still
vulnerable to two of them and they have been properly fixed now:

  - Input passed to the "userid" parameter in "www/admin/admin-user.php"
   is not properly sanitised before being returned to the user. This can
   be exploited to execute arbitrary HTML and script code in a user's
   browser session in the context of an affected site (#9)
  - Input passed to the "agencyid" parameter in
   "www/admin/agency-edit.php" is not properly sanitised before being
   returned to the user. This can be exploited to execute arbitrary
   HTML and script code in a user's browser session in the context of
   an affected site (#11)

References
----------
http://secunia.com/advisories/32197/ 
https://developer.openx.org/jira/browse/OX-4803
https://developer.openx.org/jira/browse/OX-4805
https://developer.openx.org/jira/browse/OX-4957


=======================================================================Multiple SQL injections and XSS vulnerabilities
=======================================================================
Description
-----------
A security review was internally performed following Secunia's report.
A number of XSS vulnerabilities were found and fixed, plus several SQL
injection vulnerabilities:

  - SQL injection in userlog-index.php via the "advertiserId" parameter
  - SQL injection in channel-edit.php via the "affiliateid" parameter
  - SQL injection in banner-zone.php via the "bannerid" parameter

All require authentication to be exploited.



References
----------
https://developer.openx.org/jira/browse/OX-4826



Solution
=======
We stronly advise people running affected versions to upgrade to the
most recent versions of OpenX: 2.4.11, 2.6.5 or 2.8.0.


Contact informations
===================
The security contact for OpenX can be reached at:


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.