----------------------------------------------------------------------

TITLE:
Kloxo / HyperVM Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA35337

VERIFY ADVISORY:
http://secunia.com/advisories/35337/

DESCRIPTION:
Some vulnerabilities and security issues have been reported in Kloxo, which can be exploited by malicious, local users to disclose sensitive information or manipulate certain data, by malicious users to bypass certain security restrictions and potentially compromise an affected system, and by malicious people to conduct cross-site scripting and SQL injection attacks.

1) An error in the handling of user IDs can lead to insecure file permissions for e.g. temporary files.

2) When a new user is created via Kloxo, the password hash can be disclosed via the process list.

3) Input passed e.g. to the "frm_action" and "frm_o_cname" parameters in display.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

4) Input passed via the user name when logging in on port 7778 is not properly sanitised before being used to write a log file as root. This can e.g. be exploited in combination with a symlink attack to append data to arbitrary files on an affected system.

5) Various errors when e.g. creating accounts or adding subdomains can be exploited via symlink attacks to change the permissions of arbitrary files on an affected system.

6) An error when adding FTP users can be exploited via symlink attacks to gain ownership of arbitrary files on an affected system.

7) An error in the "InstallApp" feature can be exploited via symlink attacks to overwrite arbitrary files on an affected system.

8) An error in the domain management feature can be exploited via directory traversal attacks to create or gain ownership of arbitrary directories on an affected system.

9) Input validation errors in the "Backup Home" feature can be exploited to inject and execute arbitrary commands as root.

10) A security issue exists due to the "Stats Page Protection" feature storing password hashes in a world-readable file.

11) An error in the "Parked / Redirected Domains" feature may be exploited via symlink attacks to overwrite certain files.

12) An error in lxguard in the handling of failed login attempts can be exploited to block arbitrary IPs.

13) An error in the "Protected Directories" feature can be exploited via symlink attacks to gain ownership of arbitrary files on the system.

14) An error in the file manager can be exploited to view or edit arbitrary files via hard links.

15) Various errors in the file manager can be exploited via symlink attacks to create, overwrite, or gain ownership of arbitrary files.

16) Input passed via the "frm_clientname" parameter in index.php when using the "Forgot Password" feature is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Other issues that may have a security impact under certain circumstances have also been reported.

Some of the vulnerabilities may also affect HyperVM.

SOLUTION:
Some of the vulnerabilities have been fixed in updated versions. No further information is currently available.

Grant only trusted users access to an affected system.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
n/a

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8880

LXLabs:
http://forum.lxlabs.com/index.php?t=msg&th=12317&start=0

----------------------------------------------------------------------

About:
This advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
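Items 4, 5 to 7, 11, 13 and 15 are all one class of bug: a privileged process writes to a path under an untrusted user's control without checking what the path actually points to, so a symlink (or, for item 14, a hard link) redirects the write to a file the attacker could not otherwise touch. The following Python is an added example, not code from Kloxo or Secunia, showing the defensive pattern for a root-run log writer: open with O_NOFOLLOW, inspect the opened descriptor with fstat rather than the path name, refuse foreign-owned or multiply-linked files, and strip control characters from attacker-supplied text such as a login name before it goes into the log. All file names and the "bob\r\nroot" user name are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile


def sanitize_for_log(value: str) -> str:
    """Replace CR/LF and other non-printable characters in attacker-supplied
    text (e.g. a login name) so it cannot forge extra log lines."""
    return "".join(ch if ch.isprintable() else "?" for ch in value)


def append_log_line(path: str, line: str, owner_uid=None) -> int:
    """Append one line to `path` as a privileged process would, without
    following a symlink at `path` and without writing into a hard-linked or
    foreign-owned file. Returns bytes written; raises OSError when refused.
    owner_uid defaults to the effective uid of this process."""
    if owner_uid is None:
        owner_uid = os.geteuid()
    # O_NOFOLLOW makes open() fail with ELOOP instead of following a symlink in
    # the final path component; mode 0600 keeps a newly created log private.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)  # check the file we actually opened, not the name
        if not stat.S_ISREG(st.st_mode):
            raise OSError(f"{path}: not a regular file")
        if st.st_uid != owner_uid:
            raise OSError(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
        if st.st_nlink != 1:
            # a hard link to someone else's file shares its inode (cf. item 14)
            raise OSError(f"{path}: has {st.st_nlink} links, refusing to write")
        return os.write(fd, (sanitize_for_log(line) + "\n").encode())
    finally:
        os.close(fd)


def demo_log_write() -> dict:
    """Exercise append_log_line in a scratch directory with three targets:
    a legitimate log file, a symlink pointing at a 'victim' file, and a hard
    link to the same victim. Everything here is constructed for the example."""
    d = tempfile.mkdtemp(prefix="safe-log-")
    victim = os.path.join(d, "victim.conf")
    with open(victim, "w"):
        pass  # empty file that must remain untouched
    results = {}

    # 1) normal case: a hostile user name with embedded CR/LF is neutralised
    log = os.path.join(d, "login.log")
    results["wrote"] = append_log_line(log, "failed login for user bob\r\nroot")
    with open(log) as f:
        results["log_content"] = f.read()

    # 2) symlink planted at the log path: refused by O_NOFOLLOW (ELOOP)
    link = os.path.join(d, "evil.log")
    os.symlink(victim, link)
    try:
        append_log_line(link, "x")
        results["symlink_refused"] = False
    except OSError:
        results["symlink_refused"] = True

    # 3) hard link to the victim: passes the symlink check, caught by st_nlink
    hlink = os.path.join(d, "evil2.log")
    os.link(victim, hlink)
    try:
        append_log_line(hlink, "x")
        results["hardlink_refused"] = False
    except OSError:
        results["hardlink_refused"] = True

    results["victim_size"] = os.path.getsize(victim)
    shutil.rmtree(d)
    return results
```

O_NOFOLLOW only protects the final path component; the directory the log lives in must itself not be writable by the users whose input is logged, otherwise they can still rename directories above it. The owner and link-count checks are what make the write safe even when the process runs as root.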
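Item 16 describes the "frm_clientname" parameter of the "Forgot Password" feature reaching an SQL query unsanitised. The following Python is an added example, not Kloxo's code, that reproduces the vulnerable pattern (string concatenation into the query) next to the fix (a bound parameter) against an in-memory SQLite table standing in for the panel's client table; the table, its rows and the inputs are all constructed for the demonstration.

```python
import sqlite3


def open_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for a client table (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE client (id INTEGER PRIMARY KEY, name TEXT UNIQUE, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO client (name, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def forgot_password_unsafe(conn, frm_clientname: str) -> list:
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so a quote character in it changes the structure of the query."""
    sql = "SELECT email FROM client WHERE name = '" + frm_clientname + "'"
    return [row[0] for row in conn.execute(sql)]


def forgot_password_safe(conn, frm_clientname: str) -> list:
    """Fixed pattern: a bound parameter is always one string value to the
    database engine, whatever characters it contains."""
    return [
        row[0]
        for row in conn.execute(
            "SELECT email FROM client WHERE name = ?", (frm_clientname,)
        )
    ]


def demo_forgot_password() -> dict:
    """Run both lookups with an honest name and with an input that closes the
    quoted literal and appends an always-true condition."""
    conn = open_demo_db()
    honest = "alice"
    hostile = "nobody' OR '1'='1"  # constructed input, not from the advisory
    return {
        "unsafe_honest": forgot_password_unsafe(conn, honest),
        "safe_honest": forgot_password_safe(conn, honest),
        # concatenation: the WHERE clause becomes name = 'nobody' OR '1'='1'
        "unsafe_hostile": forgot_password_unsafe(conn, hostile),
        # binding: no row is named "nobody' OR '1'='1", so nothing is returned
        "safe_hostile": forgot_password_safe(conn, hostile),
    }
```

The observable difference is the point: with concatenation the hostile input returns every client's e-mail address, with a bound parameter it returns nothing. Escaping the input by hand is the wrong fix; binding parameters removes the class of bug rather than one payload.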