
Re: [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [Cambium Group, LLC. CAMAS Content Management System -- Multiple Critical Vulnerabilities][NETRAGARD-20070820]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear SNOSOFT,

Thanks to you for proving every insult made to your company as
truths. Demonstrating monstrous volume of elementary computer
hacking features in some unnamed and unknown web based interface
does separate you from the Valdis's of the community, but not by
much.

You sirs should return to crying about children hijacking your xbox
live accounts after defeating you in video games, and leave the
more advanced computer security web hacking to Stefan Esser and his
technical James Bond xbox hacking team.

Also please learn to better format your pasted advisories to this
list.

thanks and all the best to you,
- -bm

On Tue, 24 Feb 2009 16:00:00 -0500 Netragard Advisories
<advisories@xxxxxxxxxxxxx> wrote:
>************************* Netragard, L.L.C Advisory ***************************
>
>                                       The Specialist in Anti-Hacking.
>
>[Posting Notice]
>-------------------------------------------------------------------------------------------------
>If you intend to post this advisory on your web page please create a
>clickable link back to the original Netragard advisory as the contents
>of the advisory may be updated. The advisory can be found on the
>Netragard website at http://www.netragard.com/
>
>For more information about Netragard visit
>http://www.netragard.com
>
>[Advisory Information]
>-------------------------------------------------------------------------------------------------
>Contact               : Adriel T. Desautels
>Researcher            : Kevin Finisterre
>Advisory ID           : NETRAGARD-20070820
>Product Name          : CAMAS (Content Management System)
>Product Version       : Unknown
>Vendor Name           : Cambium Group, LLC.
>Type of Vulnerability : Multiple Critical Vulnerabilities
>Impact                : Critical
>Vendor Notified       : 08/22/2007
>
>[Product Description]
>-------------------------------------------------------------------------------------------------
>"Cambium Group's content management system (CAMAS) give you
>independence from outdated content and expensive "web masters". Let
>the user-friendly interface of CAMAS save you time and money with the
>freedom to manage your entire web channel yourself."
>
>Taken From:
>http://www.cambiumgroup.com/interior.php/pid/3/sid/3
>
>[Technical Summary]
>-------------------------------------------------------------------------------------------------
>The Cambium Group Content Management System (CAMAS) failed most
>Open Web Application Security Project ("OWASP") criteria during
>testing. Specific areas of vulnerability that were identified are as
>follows:
>
>Note: A reference to each is provided at the following URL:
>
>--> https://www.owasp.org/index.php/Category:Vulnerability <--
>
>[+] Authentication Testing (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS does not transport all authentication credentials over a secure
>encrypted channel. It is possible to capture users' credentials in
>transit.
>
>[+] Code Quality Testing (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS does not follow industry best practices as defined by OWASP.
>Specifically, CAMAS is missing critical security functionality that
>leaves CAMAS powered websites open to attack by internet based hackers.
>
>[+] Error Handling Testing (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS is missing proper error handling and event logging capabilities
>as defined by OWASP. This lack of proper error handling and logging
>results in information leakage that can be used by an attacker to
>further compromise a CAMAS powered website.
>
>[+] Input Validation Testing (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS does not perform proper Input Validation. In some areas CAMAS
>does not perform any input validation. As a result it is possible to
>execute arbitrary database commands against databases that support
>CAMAS powered websites. It is also possible to take control of CAMAS
>powered websites, databases and web-servers. CAMAS does not use
>Parameterized Stored Procedures which is the industry standard for
>defending against SQL Injection.
>
>[+] Logging and Auditing Testing (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS is missing Logging and Auditing functionality as defined by
>OWASP.
>
>[+] Password Management (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS does not perform proper password storage and management.
>CAMAS does not properly support password aging, strong password
>enforcement, or strong password cryptographic protection. During
>testing Netragard was able to crack 98% of the passwords that were
>stored by CAMAS.
>
>[+] Sensitive Data Protection Testing (FAIL)
>-------------------------------------------------------------------------------------------------
>CAMAS does not provide sufficient levels of Data Protection for
>businesses whose users use CAMAS powered websites to access
>sensitive information or to login to third party websites through
>login forms hosted on CAMAS powered websites.
>
>[Impact]
>-------------------------------------------------------------------------------------------------
>[Impact varies from installation to installation]
>
>- Theft of customer data
>- Hijack online banking portal
>- Hijack online banking portal links
>- Capture data entered into forms
>- Dump database contents
>- Alter database contents
>- Gain access to server running CAMAS
>- Phish using XSS
>- Include files from remote locations
>- Include files from the file system
>- Information Disclosure
>- Website Defacement
>- etc.
>
>[Proof Of Concept]
>-------------------------------------------------------------------------------------------------
>Proof of concept code exists but is not provided as to not increase
>CAMAS users' overall risk levels. Any website that reads "Powered by
>the Cambium Group, LLC." is a CAMAS powered website.
>
>[Vendor Status and Chronology]
>-------------------------------------------------------------------------------------------------
>08/06/2007 07:11:57 PM EDT - Vulnerabilities Discovered
>08/24/2007 09:38:41 AM EDT - Cambium Group, LLC. Notified in full detail
>08/24/2007 10:54:01 AM EDT - Cambium Group, LLC. Responds to Notification
>08/27/2007 10:31:30 AM EDT - Conference Call Scheduled
>08/29/2007 03:00:00 PM EDT - Held Conference call - Presented Solution
>08/29/2007 03:00:00 PM EDT - Communication with the Cambium Group Faded
>09/26/2008 11:17:35 PM EDT - Issues remain unfixed
>02/09/2009 09:00:00 PM EDT - Issues remain unfixed
>02/11/2009 03:44:19 PM EST - Whistle Blower FD Posting (No affiliation to Netragard)
>02/11/2009 04:55:20 PM EST - Netragard Prepares Advisory for Release
>
>[Solution]
>-------------------------------------------------------------------------------------------------
>Netragard strongly recommends that the Cambium Group, LLC. modify
>CAMAS to meet OWASP criteria as defined by the OWASP Testing Guide
>version 3. CAMAS users can partially or entirely protect themselves by
>installing a reverse application proxy such as BlueCoat(tm) or
>ModSecurity2. Other Content Management Systems that meet industry
>best practices with respect to security might also be considered.
>
>[Disclaimer]
>-------------------------------------------------------------------------------------------------
>Netragard, L.L.C. assumes no liability for the use of the information
>provided in this advisory. This advisory was released in an effort to
>help the I.T. community protect themselves against a potentially
>dangerous security hole. This advisory is not an attempt to solicit
>business.
>
>This advisory is also published at:
>http://www.netragard.com  -- and -- http://snosoft.blogspot.com
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkmkayYACgkQhNp8gzZx3sj3MQP/VLhX6DVzCHv0bB7X4hpsZgR9sNZG
yTznxGMvlxtqUvjAq1ssR/gX2826a9WKS6tclsvOXu+1CrB+1yulG6uTI9t7NmDIpp/j
+zC9v9sztE9gm/Rj3IoSC33U37g6os3NkYsYZ/La/LCx4GLflkAvPN6fbcgPW0E3wwfs
q4uRjsU=
=B3aD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/