In association with heise online

22 November 2006, 11:12

New PostNuke version closes security holes


Version 0.764 of PostNuke, a PHP content management system, removes a vulnerability that allowed attackers to inject their own PHP scripts and execute them with the web server's rights. The problem was caused by faulty filtering of the PNSVlang variable in the error.php module, the bug report claims. This in turn enabled directory traversal – breaking out of the standard paths prescribed by the system. Still, the hole could only be used to embed and execute locally stored PHP scripts, which means that further steps were required for a successful attack.

Various non-security related flaws were also ironed out. These include fixes by the developers to the installation routine, which prevented installation if the insecure register_globals=on option was set on the target system. The developers categorically recommend against that setting since it allows variables in scripts to be set through user-supplied parameters and thereby provides potential targets for malicious manipulation. Alongside general security tips, the PostNuke-Wiki describes alternative ways of changing the option in various host environments.
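The class of flaw described above, a request-supplied language value reaching an include path without adequate filtering, is shown below beside a hardened form. This is an added example and not PostNuke's code: the directory layout, the function names and the lowercase language-code format are assumptions.

```php
<?php
// Added illustration, not PostNuke source. Layout and names are assumed.
const LANG_DIR     = __DIR__ . '/language';  // assumed: language/<code>/error.php
const DEFAULT_LANG = 'eng';                  // assumed default language code

// Weak pattern: the request value is concatenated straight into the path,
// so path separators and ".." segments in it are honoured by the filesystem.
function lang_file_unsafe(string $lang): string
{
    return LANG_DIR . '/' . $lang . '/error.php';
}

// Hardened pattern: accept only a short lowercase code, then confirm that
// the resolved file still lies below LANG_DIR before it is included.
function lang_file_safe(string $lang): string
{
    $fallback = LANG_DIR . '/' . DEFAULT_LANG . '/error.php';

    if (!preg_match('/\A[a-z]{2,8}\z/', $lang)) {
        return $fallback;                    // reject anything but a plain code
    }

    $base = realpath(LANG_DIR);
    $file = realpath(LANG_DIR . '/' . $lang . '/error.php');
    if ($base === false || $file === false) {
        return $fallback;                    // directory or language file missing
    }

    // Containment check on the canonical path (defence in depth).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return $fallback;
    }
    return $file;
}

// Constructed sample values, standing in for what a request might carry.
$samples = ['eng', 'deu', 'DEU', '../../tmp/upload', 'eng/../../config'];

foreach ($samples as $value) {
    printf("input:  %s\n", $value);
    printf("unsafe: %s\n", lang_file_unsafe($value));
    printf("safe:   %s\n\n", lang_file_safe($value));
}
```

Run from a directory without a `language/` folder, the safe function returns the default path for every sample, because a file that cannot be resolved is never handed to `include`.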
