-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT Security Bulletin ASB-2013.0060
      A number of vulnerabilities have been identified in Joomla!
                              26 April 2013
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Joomla!
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service       -- Remote/Unauthenticated
                   Cross-site Scripting    -- Remote with User Interaction
                   Unauthorised Access     -- Existing Account
                   Increased Privileges    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-3267 CVE-2013-3242 CVE-2013-3059 CVE-2013-3058
                   CVE-2013-3057 CVE-2013-3056
Member content until: Sunday, May 26 2013

OVERVIEW

        A number of vulnerabilities have been identified in Joomla! prior to
        versions 3.1.0 and 2.5.10. [1, 2]

IMPACT

        The vendor has provided the following information:

        "[20130403] - Core - XSS Vulnerability

        Project:        Joomla!
        SubProject:     All
        Severity:       Moderate
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   XSS Vulnerability
        Reported Date:  2013-March-9
        Fixed Date:     2013-April-24
        CVE Number:     CVE-2013-3058

        Description
        Inadequate filtering allows possibility of XSS exploit in some
        circumstances." [3]

        "[20130406] - Core - DOS Vulnerability

        Project:        Joomla!
        SubProject:     All
        Severity:       Moderate
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   Denial of service vulnerability
        Reported Date:  2013-February-18
        Fixed Date:     2013-April-24
        CVE Number:     CVE-2013-3242

        Description
        Object unserialize method leads to possible denial of service
        vulnerability." [4]

        "[20130402] - Core - Information Disclosure

        Project:        Joomla!
        SubProject:     All
        Severity:       Low
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   Information Disclosure
        Reported Date:  2013-March-29
        Fixed Date:     2013-April-24
        CVE Number:     CVE-2013-3057

        Description
        Inadequate permission checking allows unauthorised user to see
        permission settings in some circumstances." [5]

        "[20130405] - Core - XSS Vulnerability

        Project:        Joomla!
        SubProject:     All
        Severity:       Low
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   XSS Vulnerability
        Reported Date:  2013-February-26
        Fixed Date:     2013-April-24
        CVE Number:     CVE-2013-3059

        Description
        Inadequate filtering leads to XSS vulnerability in Voting plugin." [6]

        "[20130404] - Core - XSS Vulnerability

        Project:        Joomla!
        SubProject:     All
        Severity:       Low
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   XSS Vulnerability
        Reported Date:  2013-February-15
        Fixed Date:     2013-April-24
        CVE Number:     None

        Description
        Use of old version of Flash-based file uploader leads to XSS
        vulnerability." [7]

        "[20130401] - Core - Privilege Escalation

        Project:        Joomla!
        SubProject:     All
        Severity:       Low
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   Privilege Escalation
        Reported Date:  2013-March-29
        Fixed Date:     2013-April-24
        CVE Number:     CVE-2013-3056

        Description
        Inadequate permission checking allows unauthorised user to delete
        private messages." [8]

        "[20130407] - Core - XSS Vulnerability

        Project:        Joomla!
        SubProject:     All
        Severity:       Low
        Versions:       2.5.9 and earlier 2.5.x versions.
                        3.0.3 and earlier 3.0.x versions.
        Exploit type:   XSS Vulnerability
        Reported Date:  2013-April-17
        Fixed Date:     2013-April-24
        CVE Number:     CVE-2013-3267

        Description
        Inadequate filtering leads to XSS vulnerability in highlighter
        plugin." [9]

MITIGATION

        The vendor recommends updating to the latest versions of Joomla! to
        correct these issues. [1, 2]

REFERENCES

        [1] Joomla! 2.5.10 Released
            http://www.joomla.org/announcements/release-news/5493-joomla-2-5-10-released.html

        [2] Joomla! 3.1.0 Stable Released
            http://www.joomla.org/announcements/release-news/5494-joomla-3-1-0-stable-released.html

        [3] [20130403] - Core - XSS Vulnerability
            http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html

        [4] [20130406] - Core - DOS Vulnerability
            http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html

        [5] [20130402] - Core - Information Disclosure
            http://developer.joomla.org/security/82-20130402-core-information-disclosure.html

        [6] [20130405] - Core - XSS Vulnerability
            http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html

        [7] [20130404] - Core - XSS Vulnerability
            http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html

        [8] [20130401] - Core - Privilege Escalation
            http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html

        [9] [20130407] - Core - XSS Vulnerability
            http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUXofQO4yVqjM2NGpAQJQTQ//bXQeHYvj57ZWpRkOiHGXMV0PQpogN1ph
dq0lhDdHS53xpSn/+tzWZ5JlDMJTn+k+lCXWcAzbRn7fBOyeRFD31KzVQCeMLNVu
XkGlp3pdChCJTBwpKEb2pY2+ewS3EFmfqN7aViw0C2bDjS3OdAFjA/Oae7xJjkdb
4mJYQ8FmjYr+Cs5VvQfCsCvNVtQB1tzmR1TyWGvLi/Nk9iHSeXW9W3uEROakC0MF
WFVoIX64rVLzmbWTaUcm78DwR6Y80eBubIttQyyMBEnZo34PW6uBpkCNkG36weyP
Ri6xMMA02+XGGGC6GxJr1cqQ81OoSkXC4OvOm+WdsFSpR3jaSw22Gl8XHV5v7NSZ
JZU30/3TBhiEI9wiAnbiEvc02lIhkFDBroOhIqxYBu8qiLdyF0LGz5xLM+WRwDu5
EmJVtDda4+gqmUChzF78Ksxvt5uhrR0tbSr5oYPtZOVkYf//trYzwMG5/S8QyEhz
8oCfCpHgBvjxuwhCGXbFkxquKXZC7pC7V6pUgorSqXuRP71um1Dmab/O0vHI19AH
8LNcrEP/eoxuFR089r6GBgx4gJg3VsLEoYalbeGa3QUxto+hVmiITIYbzE1Idfne
fKW/sPkYVRIW9IrFKNItIhgECa6ijHBx+IBUtFhS+hwR5y0g/dmRqQ73dacZEgnu
0NNPFYKKyX8=
=Gwl+
-----END PGP SIGNATURE-----
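The MITIGATION section above says to upgrade to 2.5.10 or 3.1.0; the check an operator actually needs is whether each install under their control is still on an affected version. The script below is an added example and is not part of the AusCERT bulletin or of Joomla! itself. It assumes the install keeps its version in libraries/cms/version/version.php as a JVersion class with $RELEASE and $DEV_LEVEL properties (the layout of the 2.5.x and 3.x series the bulletin covers); the fixed-version thresholds come from the bulletin, and the sample version.php text is constructed for illustration.

```python
"""Check Joomla! installs against the versions fixed by ASB-2013.0060.

Added example, not AusCERT's or Joomla!'s own code. Assumption: the
version lives in libraries/cms/version/version.php as a JVersion class
with $RELEASE ('2.5', '3.0', ...) and $DEV_LEVEL ('9', '3', ...) properties.
"""
import re
import sys
from pathlib import Path

# First fixed release per branch, per the bulletin: 2.5.10 and 3.1.0.
# Everything below these in the same major series is affected.
FIXED = {2: (2, 5, 10), 3: (3, 1, 0)}

# Vendor issue identifiers listed in the bulletin, all applying to the same
# affected range.
ISSUES = ("20130401", "20130402", "20130403", "20130404",
          "20130405", "20130406", "20130407")

_RELEASE_RE = re.compile(r"""\$RELEASE\s*=\s*['"]([\d.]+)['"]""")
_DEV_LEVEL_RE = re.compile(r"""\$DEV_LEVEL\s*=\s*['"](\d+)['"]""")

# Constructed sample of a 2.5.9 version.php (not copied from any release).
SAMPLE_VERSION_PHP_259 = """<?php
final class JVersion
{
    public $PRODUCT = 'Joomla!';
    public $RELEASE = '2.5';
    public $DEV_LEVEL = '9';
    public $DEV_STATUS = 'Stable';
}
"""


def parse_version(source):
    """Return (major, minor, patch) from the text of version.php."""
    release = _RELEASE_RE.search(source)
    dev = _DEV_LEVEL_RE.search(source)
    if not release or not dev:
        raise ValueError("no $RELEASE / $DEV_LEVEL found in version.php")
    parts = [int(p) for p in release.group(1).split(".")]
    if len(parts) < 2:
        raise ValueError("unexpected $RELEASE format: %r" % release.group(1))
    return (parts[0], parts[1], int(dev.group(1)))


def is_affected(version):
    """True if below the fixed release for its branch, False if at or above,
    None if the major series is not one the bulletin covers."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        return None
    # Tuple comparison gives lexicographic (major, minor, patch) ordering.
    return version < fixed


def check_install(root):
    """Read version.php under a site root and classify the install."""
    path = Path(root) / "libraries" / "cms" / "version" / "version.php"
    source = path.read_text(encoding="utf-8", errors="replace")
    version = parse_version(source)
    return version, is_affected(version)


def report(root, version, affected):
    ver = "%d.%d.%d" % version
    if affected is None:
        return "%s: Joomla! %s, series not covered by ASB-2013.0060" % (root, ver)
    if affected:
        fixed = "%d.%d.%d" % FIXED[version[0]]
        return "%s: Joomla! %s AFFECTED, upgrade to %s (issues %s)" % (
            root, ver, fixed, ", ".join(ISSUES))
    return "%s: Joomla! %s not affected" % (root, ver)


if __name__ == "__main__":
    # Usage: python check_joomla.py /var/www/site1 /var/www/site2 ...
    for site_root in sys.argv[1:]:
        try:
            v, a = check_install(site_root)
            print(report(site_root, v, a))
        except (OSError, ValueError) as exc:
            print("%s: could not determine version (%s)" % (site_root, exc))
```

A version string only tells you what the core files claim; it will not reflect a site that was patched by hand, and a site on an unlisted series (1.5, 1.7) is outside the bulletin's scope, so the script reports it separately rather than calling it safe.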