| anpera.net https://anpera.homeip.net/phpbb3/ | |
| Critical security vulnerability in LoGD 1.0.6 and 1.1.0 https://anpera.homeip.net/phpbb3/viewtopic.php?f=26&t=2894 | Page 1 of 1 | 
| Author: | anpera [ Sun 17 Sep, 2006 12:24 ] | 
| Post subject: | Critical security vulnerability in LoGD 1.0.6 and 1.1.0 | 
| Here is the original text of the confirmed e-mail:

Quote:

Please be advised: A security issue was discovered against the Legend of the Green Dragon code base[...]. It is imperative that you apply the below patch as soon as possible.

The vulnerability permits masquerading as any user account. If you run the suipcontrol module, then your server will be protected against unwanted administrative changes, but users who are able to exploit this vulnerability will be able to masquerade as any user for any non-administrative purpose.

Unfortunately this vulnerability was disclosed to the public before it was brought to our attention, so we were not able to issue a preemptive patch. The public disclosure was removed within an hour, but anyone who read it in the meantime may be able to figure out how to exploit this vulnerability.

How to protect yourself against this exploit:

Admins of the 1.0.6 version can find an updated version of "login.php" here: http://lotgd.net/updated_1.0.6_login.tar.gz

Admins for the 1.1.0 Dragonprime Edition can visit Dragonprime.net to find an updated version of this file as soon as it is available.

Anyone else may manually edit login.php and add this line of code immediately before the first $sql statement (typically around line 30):

    $password = addslashes($password);

So typically this will look like:

    $password = addslashes($password);
    $sql = "SELECT * FROM " . db_prefix("accounts") . " WHERE login = '$name' AND password='$password' AND locked=0";

However it's possible that your $sql statement looks slightly different. Please contact me at MightyE@MightyE.org if you have questions on how to implement this on your server, and I will do my very best to help you out.

As far as I know, this is the first security vulnerability discovered against the Legend of the Green Dragon core code base (meaning that it is not the result of a 3rd party module outside our control).

-Eric "MightyE" Stevens

For the version offered for download here, "LoGD 0.9.7 ext GER 3", this possible hole has been known for some time. A comparable patch has been available in the changes log since August 2005, though purely as a precaution. No exploit is known for ext GER 3 at this point. -> Click | |
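The effect of the one-line fix quoted in the e-mail above, as an added example that is not part of the original post or of LoGD's code: it builds the quoted query with and without `addslashes()`, counts the string delimiters the SQL parser would see, and then runs the same lookup with bound parameters. The `db_prefix()` stub, the `logd_` prefix, the `live_quotes()` helper, the SQLite schema and all sample inputs are assumptions made for the illustration.

```php
<?php
// Added illustration, not LoGD source. db_prefix() is a stand-in for the
// game's helper; the "logd_" prefix and all inputs below are constructed.
function db_prefix(string $table): string {
    return "logd_" . $table;
}

// Build the login query as quoted in the advisory, with or without the fix.
function build_login_query(string $name, string $password, bool $patched): string {
    if ($patched) {
        $password = addslashes($password); // the line the advisory adds
    }
    return "SELECT * FROM " . db_prefix("accounts")
        . " WHERE login = '$name' AND password='$password' AND locked=0";
}

// Count string delimiters the SQL parser would see: drop every
// backslash-escaped character first, then count the remaining quotes.
// The intended query has exactly four (two per string literal).
function live_quotes(string $sql): int {
    return substr_count(preg_replace('/\\\\./s', '', $sql), "'");
}

$name = "alice";
$samples = ["plainhash", "it's", "back\\slash'"]; // constructed inputs

foreach ($samples as $pw) {
    foreach ([false, true] as $patched) {
        $sql = build_login_query($name, $pw, $patched);
        printf("%-9s quotes=%d  %s\n",
            $patched ? "patched" : "original", live_quotes($sql), $sql);
    }
}

// Binding values keeps data out of the SQL text altogether, independent of
// quoting rules. SQLite in memory is used only so this runs offline; the
// schema and the stored row are constructed.
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (login TEXT, password TEXT, locked INT)");
$db->exec("INSERT INTO accounts VALUES ('alice', 'plainhash', 0)");
$stmt = $db->prepare(
    "SELECT login FROM accounts WHERE login = ? AND password = ? AND locked = 0");
foreach ($samples as $pw) {
    $stmt->execute([$name, $pw]);
    printf("bound %-12s rows=%d\n", $pw, count($stmt->fetchAll()));
}
```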
| Page 1 of 1 | All times are UTC + 1 hour | 