Re: [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [Cambium Group, LLC. CAMAS Content Management System -- Multiple Critical Vulnerabilities][NETRAGARD-20070820]
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [Cambium Group, LLC. CAMAS Content Management System -- Multiple Critical Vulnerabilities][NETRAGARD-20070820]
- From: Jason Starks <jstarks440@xxxxxxxxx>
- Date: Wed, 25 Feb 2009 00:24:20 -0500
Everybody love everybody?
On Tue, Feb 24, 2009 at 4:49 PM, <bobby.mugabe@xxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear SNOSOFT,
>
> Thanks to you for proving every insult made to your company as
> truths. Demonstrating monstrous volume of elementary computer
> hacking features in some unnamed and unknown web based interface
> does separate you from the Valdis's of the community, but not by
> much.
>
> You sirs should return to crying about children hijacking your xbox
> live accounts after defeating you in video games, and leave the
> more advanced computer security web hacking to Stefan Esser and his
> technical James Bond xbox hacking team.
>
> Also please learn to better format your pasted advisories to this
> list.
>
> thanks and all the best to you,
> - -bm
>
> On Tue, 24 Feb 2009 16:00:00 -0500 Netragard Advisories
> <advisories@xxxxxxxxxxxxx> wrote:
> >************************* Netragard, L.L.C Advisory***************************
> >
> > The Specialist in Anti-Hacking.
> >
> >[Posting Notice]
> >-------------------------------------------------------------------------------------------------
> >If you intend to post this advisory on your web page please create a
> >clickable link back to the original Netragard advisory as the contents
> >of the advisory may be updated. The advisory can be found on the
> >Netragard website at http://www.netragard.com/
> >
> >For more information about Netragard visit
> >http://www.netragard.com
> >
> >[Advisory Information]
> >-------------------------------------------------------------------------------------------------
> >Contact : Adriel T. Desautels
> >Researcher : Kevin Finisterre
> >Advisory ID : NETRAGARD-20070820
> >Product Name : CAMAS (Content Management System)
> >Product Version : Unknown
> >Vendor Name : Cambium Group, LLC.
> >Type of Vulnerability : Multiple Critical Vulnerabilities
> >Impact : Critical
> >Vendor Notified : 08/22/2007
> >
> >[Product Description]
> >-------------------------------------------------------------------------------------------------
> >"Cambium Group's content management system (CAMAS) give you
> >independence from outdated content and expensive "web masters". Let
> >the user-friendly interface of CAMAS save you time and money with the
> >freedom to manage your entire web channel yourself."
> >
> >Taken From:
> >http://www.cambiumgroup.com/interior.php/pid/3/sid/3
> >
> >[Technical Summary]
> >-------------------------------------------------------------------------------------------------
> >The Cambium Group Content Management System (CAMAS) failed most
> >Open Web Application Security Project ("OWASP") criteria during testing.
> >Specific areas of vulnerability that were identified are as follows:
> >
> >Note: A reference to each is provided at the following URL:
> >
> >--> https://www.owasp.org/index.php/Category:Vulnerability <--
> >
> >[+] Authentication Testing (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS does not transport all authentication credentials over a secure
> >encrypted channel. It is possible to capture users' credentials in transit.
> >
> >[+] Code Quality Testing (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS does not follow industry best practices as defined by OWASP.
> >Specifically, CAMAS is missing critical security functionality that leaves
> >CAMAS powered websites open to attack by internet based hackers.
> >
> >[+] Error Handling Testing (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS is missing proper error handling and event logging capabilities
> >as defined by OWASP. This lack of proper error handling and logging
> >results in information leakage that can be used by an attacker to further
> >compromise a CAMAS powered website.
> >
> >[+] Input Validation Testing (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS does not perform proper Input Validation. In some areas CAMAS
> >does not perform any input validation. As a result it is possible to execute
> >arbitrary database commands against databases that support CAMAS
> >powered websites. It is also possible to take control of CAMAS powered
> >websites, databases and web-servers. CAMAS does not use
> >Parameterized Stored Procedures which is the industry standard for
> >defending against SQL Injection.
> >
> >[+] Logging and Auditing Testing (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS is missing Logging and Auditing functionality as defined by OWASP.
> >
> >[+] Password Management (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS does not perform proper password storage and management.
> >CAMAS does not properly support password aging, strong password
> >enforcement, or strong password cryptographic protection. During testing
> >Netragard was able to crack 98% of the passwords that were stored by
> >CAMAS.
> >
> >[+] Sensitive Data Protection Testing (FAIL)
> >-------------------------------------------------------------------------------------------------
> >CAMAS does not provide sufficient levels of Data Protection for
> >businesses whose users use CAMAS powered websites to access
> >sensitive information or to login to third party websites through login
> >forms hosted on CAMAS powered websites.
> >
> >[Impact]
> >-------------------------------------------------------------------------------------------------
> >[Impact varies from installation to installation]
> >
> >- Theft of customer data
> >- Hijack online banking portal
> >- Hijack online banking portal links
> >- Capture data entered into forms
> >- Dump database contents
> >- Alter database contents
> >- Gain access to server running CAMAS
> >- Phish using XSS
> >- Include files from remote locations
> >- Include files from the file system
> >- Information Disclosure
> >- Website Defacement
> >- etc.
> >
> >[Proof Of Concept]
> >-------------------------------------------------------------------------------------------------
> >Proof of concept code exists but is not provided as to not increase CAMAS
> >users' overall risk levels. Any website that reads "Powered by the Cambium
> >Group, LLC." is a CAMAS powered website.
> >
> >[Vendor Status and Chronology]
> >-------------------------------------------------------------------------------------------------
> >08/06/2007 07:11:57 PM EDT - Vulnerabilities Discovered
> >08/24/2007 09:38:41 AM EDT - Cambium Group, LLC. Notified in full detail
> >08/24/2007 10:54:01 AM EDT - Cambium Group, LLC. Responds to Notification
> >08/27/2007 10:31:30 AM EDT - Conference Call Scheduled
> >08/29/2007 03:00:00 PM EDT - Held Conference call - Presented Solution
> >08/29/2007 03:00:00 PM EDT - Communication with the Cambium Group Faded
> >09/26/2008 11:17:35 PM EDT - Issues remain unfixed
> >02/09/2009 09:00:00 PM EDT - Issues remain unfixed
> >02/11/2009 03:44:19 PM EST - Whistle Blower FD Posting (No affiliation to Netragard)
> >02/11/2009 04:55:20 PM EST - Netragard Prepares Advisory for Release
> >
> >[Solution]
> >-------------------------------------------------------------------------------------------------
> >Netragard strongly recommends that the Cambium Group, LLC. modify
> >CAMAS to meet OWASP criteria as defined by the OWASP Testing Guide
> >version 3. CAMAS users can partially or entirely protect themselves by
> >installing a reverse application proxy such as BlueCoat(tm) or
> >ModSecurity2. Other Content Management Systems that meet industry
> >best practices with respect to security might also be considered.
> >
> >[Disclaimer]
> >-------------------------------------------------------------------------------------------------
> >Netragard, L.L.C. assumes no liability for the use of the information
> >provided in this advisory. This advisory was released in an effort to
> >help the I.T. community protect themselves against a potentially
> >dangerous security hole. This advisory is not an attempt to solicit
> >business.
> >
> >This advisory is also published at:
> >http://www.netragard.com -- and -- http://snosoft.blogspot.com
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>