Fixed several SQL injection vulnerabilities. #208

Closed

florian-sander commented Dec 18, 2013

There are several SQL injection vulnerabilities in Revive. This change fixes them.

These vulnerabilities are already being exploited. I discovered them after tracking down an attack on our OpenX installation. I have tested the vulnerability on Revive as well. The attacks on OpenX have been going on since at least September, so I would assume the vulnerability is well known in black hat circles by now.

For everyone who wants to patch their system right away, I have provided patched files for OpenX and Revive on my blog:

http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/

As last time, I do not want to explain publicly in detail how to exploit the vulnerability, but maintainers of the master repository can contact me privately if they need more information.

erikgeurts commented Dec 18, 2013

Florian, please remove everything that could help a person with bad intentions (including from your blog and your pull request) and contact us by e-mail at security@revive-adserver.com

florian-sander commented Dec 18, 2013

Neither the pull request nor the blog post contains any instructions as to how to exploit the vulnerability. To be sure, I removed some additional information from the pull request which explained some changes. An email has been sent.

hwde commented Dec 19, 2013

Hi Flo, thanks for the patch ... but it is still not enough. Take a look at the "format:" condition.

mbeccati commented Dec 19, 2013

Thanks guys for the input. We're working on testing / fixing and I'd expect a release very soon.

florian-sander commented Dec 19, 2013

Hi hwde, thanks for the hint... but I'm afraid I do not see the issue with the patched format condition. It's probably best not to discuss this in public, so can you send me some more detailed information to florian.sander at checkpanel.com? Better include security at revive-adserver.com as well since Matteo is working on the official patch right now.

ghost commented Dec 19, 2013

Thanks for the patches for OpenX 2.8.11 Florian.

mbeccati commented Dec 20, 2013

Fixed in 3.0.2

@mbeccati mbeccati closed this Dec 20, 2013

@ghost ghost assigned mbeccati Dec 23, 2013
