[Full-disclosure] Serious holes affecting SiteBar 3.3.8

[Tim Brown]

All,

As a result of a short security audit of SiteBar, a number of security holes 
were found.  The holes included code execution, a malicious redirect and 
multiple cases of Javascript injection.

After liasing with the developers, the holes have been patched.  Attached are 
the advisory and patch relating to these flaws.

CVEs open already relating to this audit:

* CVE-2006-3320 (Javascript injection) - previously reported by other parties 
but not resolved and so included for completeness

* CVE-2007-5492 (code execution) - first reported in my attached advisory to 
the vendor, independently rediscovered by Robert Buchholz of Gentoo whilst 
auditing the differences between the patched and unpatched versions (3.3.8 vs 
3.3.9)

* CVE-2007-5491 (file permissions issue) - apparently patched by the vendor at 
the same time as my issues were resolved and discovered by Robert Buchholz of 
Gentoo whilst auditing the differences between the patched and unpatched 
versions (3.3.8 vs 3.3.9)

It is intended that CVE-2007-5492 will be updated to reference both code 
execution flaws I reported.  All other issues in the advisory have been 
patched but no CVEs have yet been requested or assigned to the best of my 
knowledge.

Tim
-- 
Tim Brown
<mailto:timb at nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fixedvulnerability.patch
Type: text/x-diff
Size: 36652 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071018/58b739b2/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NDSA20071016.txt.asc
Type: application/pgp-keys
Size: 4740 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071018/58b739b2/attachment-0001.bin