Info

Disclosure

Jan 03, 2002

Discovery

Unknown

Dates

Exploit

Jan 03, 2002

Solution

Unknown

Description

Geeklog contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered during the installation, which creates an extra 'group_assignments' record with a user id of 13, but the user table only contains 12 users. The first new created user is a member of the GroupAdmin Group and the UserAdmin Group which could allow a remote attacker to gain access to administrative privileges resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 1.3.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: In your MySQL editor enter the following command: SELECT username FROM users WHERE uid = 13 Afterwards, edit this user in admin/users.php and uncheck the 'GroupAdmin Group' and the 'UserAdmin Group' check boxes.

Products

Geeklog

1.3

References

Security Tracker: 1003117
CVE ID: 2002-0096 (see also: NVD)
Bugtraq ID: 3783
ISS X-Force ID: 7780
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0028.html
Vendor URL: http://www.geeklog.net/
Vendor Specific Solution URL: http://www.geeklog.net/article.php/20020103130641485

Credit

Woody Hughes - woodythewoodman.org -

Direct URL: http://osvdb.org/36218