Message-ID: <50F085C8.1040909@igalia.com>
Date: Fri, 11 Jan 2013 22:36:08 +0100
From: Carlos Alberto Lopez Perez <clopez@...lia.com>
To: WHK Yan <yan.uniko.102@...il.com>
CC: Kurt Seifried <kseifried@...hat.com>, submit@...ecurity.com, 
 submissions@...ketstormsecurity.com, vuldb@...urityfocus.com, 
 1337 Exploit DataBase <mr.inj3ct0r@...il.com>,
 vuln@...unia.com, oss-security@...ts.openwall.com
Subject: Re: Re: [Full-disclosure] File Disclosure in SimpleMachines
 Forum <= 2.0.3

On 09/01/13 01:28, Kurt Seifried wrote:
> I apologize but I am having a heck of a time parsing that last
> sentence. If you want to send it in your native language I can
> probably get it translated from another Red Hat employee.
>

I'm a native Spanish speaker. Let me translate this for you. This is a
free translation. I split it into several paragraphs for better readability.

On 09/01/13 02:33, WHK Yan wrote:
> Sorry, I was using Google Translate; I speak Spanish. I was explaining to
> you that sometimes there are administrators who need help administering
> sections of forums such as an SMF. In my case I am part of the elhacker.net
> community, where there is a single administrator and several
> co-administrators. Now... the administrator does not trust even his own
> shadow and has created a special user group, from the user groups panel,
> called coadmin. This type of user has been created based on the permissions
> of an administrator, with the exception of installing packages and anything
> that could allow taking full control of the server, restricting them solely
> to tasks of the forum itself.

""" Excuse me, I was trying to use Google Translate. I speak Spanish. I
was explaining to you that sometimes there are administrators who need
help to administer forum sections of SMF. In my case I'm part of the
elhacker.net community, where there is only one administrator and several
co-administrators. However, the administrator is very wary and doesn't
trust anybody, so he has created a special group of users from the
user groups panel called coadmin. These coadmin users are created with
the typical forum administrator rights, with the exception that they are
not allowed to install packages or anything that could allow them to
take control over the forum. """

> With this security flaw, a user such as this co-administrator could access
> the configuration file and read the database, being able to obtain the
> administrator's session hash and then upload a malicious shell such as a
> c99.php.

""" With this security flaw, one of these untrusted "coadministrators"
could access the config file of the site and obtain the
database passwords, and then he could get the session hash of the
administrator from the DB. Then he could upload an evil shell like
c99.php """

> This scenario repeats on multiple forums that I visit, such as
> portalhacker.net and el-hacker.com among many others. That is why I think
> it is an important security flaw, since if SMF is designed to protect
> directories and does not do so correctly, allowing files to be read
> arbitrarily, it is because for us it is not an isolated case or so simple
> to see; it is like the typical scenario of "is an XSS high or low impact?",
> it all depends on the scenario, and in our cases it is something critical.
> Thank you for your attention, Mr. Kurt.

""" Scenarios like this happen on many forums that I visit, like
portalhacker.net or el-hacker.com, among others. I think that this
security flaw is important. SMF is designed to protect directory and
file access, and if it doesn't work as expected and allows reading any
file then the security implications are high.

I think this is like the typical question of "Is an XSS of high or low
impact?". Everything depends on the scenario and use case, and in our personal
use cases this is something critical. Thanks for your attention, Mr. Kurt """


Best regards!
-------------

