[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Assurent VR - Adobe RoboHelp Server SQL Injection Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx;bugtraq@xxxxxxxxxxxxxxxxx;
Subject: [Full-disclosure] Assurent VR - Adobe RoboHelp Server SQL Injection Vulnerability
From: VR-Subscription-noreply@xxxxxxxxxxxx
Date: Tue, 8 Jul 2008 15:21:45 -0400 (EDT)

Adobe RoboHelp Server SQL Injection Vulnerability
Assurent ID: FSC20080708-10

1. Affected Software

   Adobe RoboHelp Server, version 6
   Adobe RoboHelp Server, version 7

   Reference: http://www.adobe.com/products/robohelpserver/


2. Vulnerability Summary

   There exists an SQL injection vulnerability in Adobe RoboHelp Server that 
allows attackers to inject and execute arbitrary SQL 
   statements. The SQL would run against the RoboHelp back-end database within 
the security context of the application's database 
   connection.


3. Vulnerability Analysis

   The vulnerability can be exploited two ways:

   1) A remote authenticated attacker may trigger this vulnerability by sending 
a crafted HTTP request to the target server. 

   2) A remote unauthenticated attacker can entice an authenticated user to 
execute an attack using cross-site scripting techniques.

   Assurent has confirmed that execution of arbitrary SQL statements is 
possible. The SQL in such a case would execute within the 
   security context of the application's database connection.


4. Vulnerability Detection

   Assurent has confirmed the vulnerability in Adobe RoboHelp Server versions 6 
and 7.


5. Workaround

   Apply the vendor patch or block communication from untrusted networks to 
ports 80/TCP and 443/TCP on affected assets.


6. Vendor Response

   Adobe Systems has released a bulletin addressing this vulnerability. 

   Reference: http://www.adobe.com/support/security/bulletins/apsb08-16.html


7. Disclosure Timeline

   05/09/2008 Reported to vendor
   05/09/2008 Initial vendor response
   07/08/2008 Coordinated public disclosure


8. Credits

   Vulnerability Research Team, Assurent Secure Technologies, a TELUS company


9. References

   CVE: CVE-2008-2991
   Vendor: APSB08-16


10. About Assurent VRS

   Assurent's Vulnerability Research Service (VRS) for security product 
vendors, and Threat Protection Programs (TPP) for 
   MSPs and enterprise security teams, help to eliminate the significant costs 
incurred by security product vendors, MSPs, 
   and enterprise security teams in responding to and managing critical new 
security vulnerabilities and other threats 
   including worm & virus outbreaks and high-risk spyware. The VRS and TPP 
services are real-time feeds providing subscribers 
   with detailed analysis of the top security vulnerabilities, focused on the 
specific needs of each group of customers.

   http://www.assurent.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] New round of SSH scan IP's
Next by Date: [Full-disclosure] rPSA-2008-0216-1 firefox
Previous by thread: [Full-disclosure] [MSA080709-001] OpenSSH Vulnerability
Next by thread: [Full-disclosure] rPSA-2008-0216-1 firefox
Index(es):
- Date
- Thread