===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0122
        A number of vulnerabilities have been identified in Joomla!
                             23 December 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Joomla!
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Administrator Compromise        -- Remote/Unauthenticated
                      Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Increased Privileges            -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote/Unauthenticated
                      Unauthorised Access             -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-8869 CVE-2016-8870 CVE-2016-9081
                      CVE-2016-9836 CVE-2016-9837 CVE-2016-9838
Member content until: Saturday, January 21 2017

OVERVIEW

        Multiple vulnerabilities affect the following packages:
         1.6.0 <= joomla3 < 3.6.1 [1]
         1.5.0 <= joomla3 < 3.4.7 [2]
         3.4.4 <= joomla3 < 3.6.4 [3]
         1.6.0 <= joomla3 < 3.6.5 [4]
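        A quick way to tell which of the four references apply to an installed
        site is to compare its version against the ranges above. The following
        checker is an added example and is not part of the AusCERT bulletin or
        of Joomla! itself; the layout of the sample version file (a class with
        RELEASE and DEV_LEVEL constants) is an assumption about how Joomla! 3.x
        records its version, and the sample text is constructed here.

```python
"""Check a Joomla! version against the affected ranges in ASB-2016.0122."""
import re

# Ranges from the OVERVIEW: lower bound inclusive, upper bound exclusive,
# keyed by the bulletin's reference number [1]..[4].
AFFECTED_RANGES = {
    1: ("1.6.0", "3.6.1"),
    2: ("1.5.0", "3.4.7"),
    3: ("3.4.4", "3.6.4"),
    4: ("1.6.0", "3.6.5"),
}

# Constructed sample of a Joomla! 3.x version file (assumed layout, not a
# copy of the real file): RELEASE holds "major.minor", DEV_LEVEL the patch.
SAMPLE_VERSION_PHP = """<?php
class JVersion
{
    const RELEASE = '3.6';
    const DEV_LEVEL = '4';
}
"""


def parse_version(text):
    """Turn '3.6.4' (a trailing suffix such as '-rc1' is ignored) into a tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("not a dotted version: %r" % text)
    return tuple(int(p or 0) for p in m.groups())


def version_from_version_php(source):
    """Assemble 'RELEASE.DEV_LEVEL' from the (assumed) version file layout."""
    rel = re.search(r"RELEASE\s*=\s*'([\d.]+)'", source)
    dev = re.search(r"DEV_LEVEL\s*=\s*'(\d+)'", source)
    if not rel or not dev:
        raise ValueError("RELEASE / DEV_LEVEL not found in version file")
    return "%s.%s" % (rel.group(1), dev.group(1))


def affected_references(version):
    """Bulletin references whose range contains this version (empty = not listed)."""
    v = parse_version(version)
    return sorted(ref for ref, (lo, hi) in AFFECTED_RANGES.items()
                  if parse_version(lo) <= v < parse_version(hi))


def minimum_fixed_version():
    """Smallest release that lies outside every range in the bulletin."""
    return max(parse_version(hi) for _, hi in AFFECTED_RANGES.values())


if __name__ == "__main__":
    found = version_from_version_php(SAMPLE_VERSION_PHP)
    print(found, "->", affected_references(found), "fix:", minimum_fixed_version())
```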


IMPACT

        The vendor has provided the following information:
        
        "[20160801] - Core - ACL Violation
        Inadequate ACL checks in com_content provide potential read access 
        to data which should be access restricted to users with edit_own 
        level.
        https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html
        
        [20160802] - Core - XSS Vulnerability
        Inadequate escaping leads to XSS vulnerability in mail component.
        https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html
        
        [20160803] - Core - CSRF
        Add additional CSRF hardening in com_joomlaupdate.
        https://developer.joomla.org/security-centre/654-20160803-core-csrf.html
        "[1]
        
        
        "[20151206] - Core - Session Hardening
        The Joomla Security Strike team has been following up on the 
        critical security vulnerability patched last week. Since the recent
        update it has become clear that the root cause is a bug in PHP 
        itself. This was fixed by PHP in September of 2015 with the releases
        of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all 
        versions of PHP 7 and has been back-ported in some specific Linux 
        LTS versions of PHP 5.3). This fixes the bug across all supported 
        PHP versions.
        https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
        
        [20151207] - Core - SQL Injection
        Inadequate filtering of request data leads to a SQL Injection 
        vulnerability.
        https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
        "[2]
        
        
        "[20161001] - Core - Account Creation
        Inadequate checks allow users to register on a site when 
        registration has been disabled.
        https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
        
        [20161002] - Core - Elevated Privilege
        Incorrect use of unfiltered data allows for users to register on a 
        site with elevated privileges.
        https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
        
        [20161003] - Core - Account Modifications
        Incorrect use of unfiltered data allows for existing user accounts 
        to be modified; to include resetting their username, password, and 
        user group assignments.
        https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
        "[3]
        
        "[20161201] - Core - Elevated Privileges
        Incorrect use of unfiltered data stored to the session on a form 
        validation failure allows for existing user accounts to be modified;
        to include resetting their username, password, and user group 
        assignments.
        https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html
        
        [20161202] - Core - Shell Upload
        Inadequate filesystem checks allowed files with alternative PHP file
        extensions to be uploaded.
        https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html
        
        [20161203] - Core - Information Disclosure
        Inadequate ACL checks in the Beez3 com_content article layout 
        override enables a user to view restricted content.
        https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html
        "[4]


MITIGATION

        The vendor recommends updating to the latest version of Joomla! to 
        correct these issues. [1 - 4]


REFERENCES

        [1] Joomla! -- multiple vulnerabilities
            http://www.vuxml.org/freebsd/f0806cad-c7f1-11e6-ae1b-002590263bf5.html

        [2] Joomla! -- multiple vulnerabilities
            http://www.vuxml.org/freebsd/c0ef061a-c7f0-11e6-ae1b-002590263bf5.html

        [3] Joomla! -- multiple vulnerabilities
            http://www.vuxml.org/freebsd/a27d234a-c7f2-11e6-ae1b-002590263bf5.html

        [4] Joomla! -- multiple vulnerabilities
            http://www.vuxml.org/freebsd/624b45c0-c7f3-11e6-ae1b-002590263bf5.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================