Overview
»IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Mambo mosConfig_absolute_path file inclusion vulnerability
Date Discovered: 8/7/2006
Severity: High
Operating Systems: Microsoft_Windows
Linux
HP-UX
IBM: AIX
IBM:OS/2
Sun Microsystems, Inc.: Solaris
Wind RiverSystems, Inc.: BSD
Apple Computer, Inc.: Mac OS X
Data General: DG/UX
Santa Cruz Operation, Inc.: SCO Unix
SGI: IRIX
Applications Affected: Mambo Gallery Manager version 0.95r2 & prior
Synopsis
A vulnerability has been identified in Mambo Gallery Manager (MGM) component for Mambo, which could be exploited by attackers to include arbitrary PHP files.
Recommended Actions
1. Review existing code for file operations to ensure that user input is properly validated.
2. When writing new code, try to limit the use of dynamic inputs from users to vulnerable mosConfig_absolute_path parameter.
3. Update to fixed version, when available, from the vendors website below:
http://mamboxchange.com/projects/mgm
Threat Analysis
Mambo Gallery Manager (MGM) is an open source component for MOS that allows administrator to create image galleries and publish them in content pages.

This flaw exists due to input validation errors in the "help.mgm.php" and "about.mgm.php" scripts that fail to validate the “mosConfig_absolute_path" parameter. A remote attacker could send a specially-crafted URL request to the "help.mgm.php" or the "about.mgm.php" script using the "mosConfig_absolute_path" parameter to include malicious files and execute arbitrary commands with the privileges of the web server.
References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3981
http://www.frsirt.com/english/advisories/2006/3054
http://archives.neohapsis.com/archives/bugtraq/2006-07/0533.html

Write-up by: Nitin V. Shingari
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map