Tutorial - Mambo Site Server Vulnerabilities

Mambo Site Server Vulnerabilities

Created 3/4/03
CVE 2001-1011

Impact

A remote attacker could gain administrative access to Mambo Site Server and MySQL databases.

Background

Mambo Site Server is a web content management system.

The Problem

3/4/03
A flaw in Mambo Site Server allows access to the administrative interface using any session ID in the session table. Valid session IDs are stored in the table in MD5 format and returned to the web browser within a cookie upon logging out. Therefore, an attacker could gain administrative access by pretending to logout and creating a cookie containing the MD5 encoded session ID. Mambo Site Server 4.0.12 RC3 and earlier are affected by this vulnerability.

CVE 2001-1011
An older vulnerability affecting Mambo Site Server 3.0.0 through 3.0.5 could also allow administrative access.

Resolution

Download and install Mambo Site Server 4.0.12 RC4 or higher when available, or the patch for Mambo Site Server 4.0.12 RC3. The same patch is also reported to work for 4.0.12 RC2.

Where can I read more about this?

This vulnerability was posted to Bugtraq. The older vulnerability was posted to Bugtraq.