Joomla! 1.0.8 Released

Created on Sunday, 26 February 2006 00:00


Security Vulnerabilities

Joomla! 1.0.8 contains thirty-seven (37) fixes for security vulnerabilities: 14 Medium Level threats and 23 Low Level threats.

Medium Level Threat Fixes

  • A3 - Hardening of Remember Me login functionality
  • A7 - Protect against real server path disclosure via syndication component
  • A1 - Limit arbitrary file creation via syndication component
  • A7 - Protect against real server path disclosure in mod_templatechooser
  • A9 - Inputfilter vulnerable to DoS attacks
  • A2 - Disallow `Weblink` item from being accessible when 'unpublished'
  • A2 - Disallow `Polls` item from being accessible when 'unpublished'
  • A2 - Disallow `Newsfeeds` item from being accessible when category 'unpublished'
  • A2 - Disallow `Weblinks` item from being accessible when category 'unpublished'
  • A2 - Disallow `Content` item from being accessible despite section/category 'access level'
  • A2 - Disallow `Newsfeed` item from being accessible despite category 'access level'
  • A2 - Disallow `Weblink` item from being accessible despite category 'access level'
  • A2 - Disallow `Content` item from being visible despite category 'access level'
    - `Blog - Content Section` & `Blog - Content Section Archive`
  • A2 - Disallow `Content` items from being viewable when category/section 'unpublished'
    - mod_newsflash

Low Level Threat Fixes

  • A3 - Harden frontend Session ID
  • A6 - Harden against multiple Admin SQL Injection Vulnerabilities
  • A1 - Disable ability to enter more than one email address in Contact Component contact form
  • A1 - Harden Contact Component with param option to check for existence of session cookie
    - enabled by default
  • A3 - Additional check for correct Admin session name
  • A2 - Disallow access to syndication functionality
  • A2 - Disallow `Newsfeeds` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Contact` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Weblink` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Content Section` from being accessible when section 'unpublished'
    - `List - Content Section`
  • A2 - Disallow `Content Category` from being accessible when category/section 'unpublished'
    - `Table - Content Category`
  • A2 - Disallow `Contact` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Newsfeeds` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Weblinks` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Content Section` from being accessible as per section 'access level'
    - `List - Content Section`
  • A2 - Disallow `Content Category` from being accessible as per section/category 'access level'
    - `Table - Content Category`
  • A2 - Disallow `Content Category` from being accessible as per category 'access level'
    - `Blog - Content Category` & `Blog - Content Category Archive`
  • A2 - Disallow `Content` item links from being visible as per category/section 'access level'
    - mod_newsflash, mod_latestnews, mod_mostread
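The A2 fixes above share one pattern: an item's visibility was decided from the item's own state, while the category or section containing it could be unpublished or restricted to a higher access level. The following is an added illustration in PHP of that hardened check, not Joomla's own code; the array layout, the 0/1 `published` flag and the integer `access` level compared against the viewer's level are assumptions modelled on Joomla 1.0's section/category/item hierarchy.

```php
<?php
// Added example (not Joomla's code): visibility must be decided along the
// whole chain section -> category -> item, not from the item alone.
// Assumptions: published is 0/1; access is an integer level (0 public,
// 1 registered, 2 special) and a node is viewable only when
// access <= the viewer's level.

// Constructed sample data: one section, two categories, two items.
$sections   = [1 => ['published' => 1, 'access' => 0]];
$categories = [
    10 => ['section' => 1, 'published' => 1, 'access' => 0],
    11 => ['section' => 1, 'published' => 0, 'access' => 0], // unpublished
];
$items = [
    100 => ['catid' => 10, 'published' => 1, 'access' => 1], // registered only
    101 => ['catid' => 11, 'published' => 1, 'access' => 0], // public item, hidden parent
];

function nodeVisible(array $node, int $viewerLevel): bool
{
    return (int)$node['published'] === 1 && (int)$node['access'] <= $viewerLevel;
}

// The weak form: only the item's own flags are consulted. A public,
// published item inside an unpublished category is still served.
function itemVisibleItemOnly(array $item, int $viewerLevel): bool
{
    return nodeVisible($item, $viewerLevel);
}

// Hardened form: every ancestor must itself be published and within the
// viewer's access level; missing ancestors are treated as a denial.
function itemVisibleHardened(int $id, int $viewerLevel,
                             array $items, array $categories, array $sections): bool
{
    if (!isset($items[$id])) {
        return false;
    }
    $item = $items[$id];
    $cat  = $categories[$item['catid']] ?? null;
    $sec  = ($cat !== null) ? ($sections[$cat['section']] ?? null) : null;
    if ($cat === null || $sec === null) {
        return false; // orphaned data: deny rather than fall through
    }
    return nodeVisible($sec, $viewerLevel)
        && nodeVisible($cat, $viewerLevel)
        && nodeVisible($item, $viewerLevel);
}

// A guest (level 0) requesting item 101: the item-only check allows it,
// the hardened check refuses it because category 11 is unpublished.
var_dump(itemVisibleItemOnly($items[101], 0));
var_dump(itemVisibleHardened(101, 0, $items, $categories, $sections));
// Item 100 is visible to a registered viewer (level 1) but not to a guest.
var_dump(itemVisibleHardened(100, 1, $items, $categories, $sections));
var_dump(itemVisibleHardened(100, 0, $items, $categories, $sections));
```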

OWASP Vulnerability Categorization

As part of our improved focus on security, we are adopting the Open Web Application Security Project (OWASP) Top Ten vulnerability categorization system to standardize the categorization of security vulnerability reports. The legend for the vulnerability categories used above is listed below (full list here):

  • A1 - Unvalidated Input
  • A2 - Broken Access Control
  • A3 - Broken Authentication and Session Management
  • A6 - Injection Flaws
  • A7 - Improper Error Handling
  • A9 - Denial of Service