-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0060
        A number of vulnerabilities have been identified in Joomla!
                               26 April 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Joomla!
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Denial of Service    -- Remote/Unauthenticated      
                      Cross-site Scripting -- Remote with User Interaction
                      Unauthorised Access  -- Existing Account            
                      Increased Privileges -- Existing Account            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-3267 CVE-2013-3242 CVE-2013-3059
                      CVE-2013-3058 CVE-2013-3057 CVE-2013-3056
Member content until: Sunday, May 26 2013

OVERVIEW

        A number of vulnerabilities have been identified in Joomla! prior to
        versions 3.1.0 and 2.5.10. [1, 2]


IMPACT

        The vendor has provided the following information:
        
        "[20130403] - Core - XSS Vulnerability
        
            Project: Joomla!
            SubProject: All
            Severity: Moderate
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 
            3.0.x versions.
            Exploit type: XSS Vulnerability
            Reported Date: 2013-March-9
            Fixed Date: 2013-April-24
            CVE Number: CVE-2013-3058
        
        Description
        
        Inadequate filtering allows possibility of XSS exploit in some 
        circumstances." [3]
        
        "[20130406] - Core - DOS Vulnerability
        
            Project: Joomla!
            SubProject: All
            Severity: Moderate
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 
            3.0.x versions.
            Exploit type: Denial of service vulnerability
            Reported Date: 2013-February-18
            Fixed Date: 2013-April-24
            CVE Number: CVE-2013-3242
        
        Description
        
        Object unserialize method leads to possible denial of service 
        vulnerability." [4]
        
        "[20130402] - Core - Information Disclosure
        
            Project: Joomla!
            SubProject: All
            Severity: Low
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier
            3.0.x versions.
            Exploit type: Information Disclosure
            Reported Date: 2013-March-29
            Fixed Date: 2013-April-24
            CVE Number: CVE-2013-3057
        
        Description
        
        Inadequate permission checking allows unauthorised user to see 
        permission settings in some circumstances." [5]
        
        "[20130405] - Core - XSS Vulnerability
        
            Project: Joomla!
            SubProject: All
            Severity: Low
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x 
            versions.
            Exploit type: XSS Vulnerability
            Reported Date: 2013-February-26
            Fixed Date: 2013-April-24
            CVE Number: CVE-2013-3059
        
        Description
        
        Inadequate filtering leads to XSS vulnerability in Voting plugin." [6]
        
        "[20130404] - Core - XSS Vulnerability
        
            Project: Joomla!
            SubProject: All
            Severity: Low
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 
            3.0.x versions.
            Exploit type: XSS Vulnerability
            Reported Date: 2013-February-15
            Fixed Date: 2013-April-24
            CVE Number: None
        
        Description
        
        Use of old version of Flash-based file uploader leads to XSS 
        vulnerability." [7]
        
        "[20130401] - Core - Privilege Escalation
        
            Project: Joomla!
            SubProject: All
            Severity: Low
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 
            3.0.x versions.
            Exploit type: Privilege Escalation
            Reported Date: 2013-March-29
            Fixed Date: 2013-April-24
            CVE Number: CVE-2013-3056
        
        Description
        
        Inadequate permission checking allows unauthorised user to delete 
        private messages." [8]
        
        
        "[20130407] - Core - XSS Vulnerability
        
            Project: Joomla!
            SubProject: All
            Severity: Low
            Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 
            3.0.x versions.
            Exploit type: XSS Vulnerability
            Reported Date: 2013-April-17
            Fixed Date: 2013-April-24
            CVE Number: CVE-2013-3267
        
        Description
        
        Inadequate filtering leads to XSS vulnerability in highlighter
        plugin." [9]


MITIGATION

        The vendor recommends updating to the latest versions of Joomla! to
        correct these issues. [1, 2]
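        The fixed releases named above (2.5.10 for the 2.5 branch, 3.1.0 for
        the 3.x branch) are easy to misjudge when comparing version strings
        by hand, because "2.5.9" sorts after "2.5.10" lexically. The
        following script is an added example, not code from AusCERT or the
        Joomla! project: it reads the two version fields of a Joomla!
        install and reports whether the tree is at or above the fixed
        release for its branch. The path libraries/cms/version/version.php
        and the field names $RELEASE and $DEV_LEVEL are assumptions about
        the Joomla! 2.5/3.x tree layout; the sample file contents are
        constructed for the example.

```python
"""Check a Joomla! tree against the fixed releases named in ASB-2013.0060.

Added example, not code from AusCERT or the Joomla! project.  It assumes the
Joomla! 2.5/3.x layout in which libraries/cms/version/version.php carries the
version as two fields, $RELEASE ('2.5') and $DEV_LEVEL ('9'); that path and
those field names are assumptions, not something the bulletin states.
"""
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Earliest release per branch that carries the fixes, per the bulletin.
# Branches not covered here (1.5, 1.7) never received a fixed release;
# 3.0.x is covered by 3.1.0 because 3.0.3 was the last 3.0 release.
FIXED_2_5: Version = (2, 5, 10)
FIXED_3: Version = (3, 1, 0)

_RELEASE_RE = re.compile(r"""\$RELEASE\s*=\s*['"]([\d.]+)['"]""")
_DEV_LEVEL_RE = re.compile(r"""\$DEV_LEVEL\s*=\s*['"](\d+)['"]""")


def parse_version_php(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from version.php source text, or None
    when either field is missing (unknown layout, truncated file)."""
    rel = _RELEASE_RE.search(text)
    dev = _DEV_LEVEL_RE.search(text)
    if rel is None or dev is None:
        return None
    release = tuple(int(p) for p in rel.group(1).split("."))
    return release + (int(dev.group(1)),)


def fixed_release_for(version: Version) -> Optional[Version]:
    """Fixed release that applies to the branch of `version`, or None when
    the branch has no fixed release at all (1.x / 1.7 / other 2.x)."""
    if len(version) < 2:
        return None
    if version[0] == 2 and version[1] == 5:
        return FIXED_2_5
    if version[0] >= 3:
        return FIXED_3
    return None


def is_fixed(version: Version) -> bool:
    """Integer-tuple comparison: (2, 5, 9) < (2, 5, 10), which a string
    comparison of '2.5.9' and '2.5.10' would get backwards."""
    fixed = fixed_release_for(version)
    return fixed is not None and version >= fixed


def report(text: str) -> str:
    """One-line patch status for the contents of a version.php file."""
    version = parse_version_php(text)
    if version is None:
        return "unknown: could not find $RELEASE / $DEV_LEVEL"
    label = ".".join(map(str, version))
    fixed = fixed_release_for(version)
    if fixed is None:
        return f"affected: {label} is on a branch with no fixed release; move to 2.5.10 or 3.1.0"
    fixed_label = ".".join(map(str, fixed))
    if version >= fixed:
        return f"fixed: {label} is at or above {fixed_label}"
    return f"affected: {label} is below {fixed_label}"


# Constructed sample of the relevant lines of a 2.5.9 version.php
# (written for this example, not copied from the project).
SAMPLE_VERSION_PHP = """
class JVersion
{
    public $PRODUCT = 'Joomla!';
    public $RELEASE = '2.5';
    public $DEV_LEVEL = '9';
}
"""

if __name__ == "__main__":
    # Usage: python check_joomla.py /path/to/joomla   (no argument: the sample)
    if len(sys.argv) > 1:
        php = (Path(sys.argv[1]) / "libraries/cms/version/version.php").read_text()
    else:
        php = SAMPLE_VERSION_PHP
    print(report(php))
```

        Run against the sample, the script reports 2.5.9 as affected and
        names 2.5.10 as the target; pointed at a real document root it
        reads the file from the assumed path. The branch logic matters:
        a 3.0.3 install is below 3.1.0 and therefore affected even though
        3.0.3 was the newest 3.0 release at the time.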


REFERENCES

        [1] Joomla! 2.5.10 Released
            http://www.joomla.org/announcements/release-news/5493-joomla-2-5-10-released.html

        [2] Joomla! 3.1.0 Stable Released
            http://www.joomla.org/announcements/release-news/5494-joomla-3-1-0-stable-released.html

        [3] [20130403] - Core - XSS Vulnerability
            http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html

        [4] [20130406] - Core - DOS Vulnerability
            http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html

        [5] [20130402] - Core - Information Disclosure
            http://developer.joomla.org/security/82-20130402-core-information-disclosure.html

        [6] [20130405] - Core - XSS Vulnerability
            http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html

        [7] [20130404] - Core - XSS Vulnerability
            http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html

        [8] [20130401] - Core - Privilege Escalation
            http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html

        [9] [20130407] - Core - XSS Vulnerability
            http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----