TUCoPS :: Web BBS :: etc :: tb13674.htm

Beehive - SQL Injection Vulnerability in Beehive Forum Software
SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software
SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software



-----BEGIN PGP SIGNED MESSAGE-----=0D
Hash: SHA1=0D
=0D
=0D
=0D
=0D
                     Symantec Vulnerability Research=0D
http://www.symantec.com/research=0D 
                           Security Advisory=0D
=0D
   Advisory  ID:  SYMSA-2007-014=0D
 Advisory Title:  SQL Injection Vulnerability in Beehive Forum=0D
                  Software=0D
         Author:  Nick Bennett=0D
Robert Brown / robert_brown@symantec.com=0D 
   Release Date:  28-11-2007=0D
    Application:  Beehive Forum 0.7.1 (earlier versions also=0D
                  vulnerable)=0D
       Platform:  All supported=0D
       Severity:  Remotely exploitable / Information Disclosure=0D
  Vendor status:  Updated Application Versions Available=0D
     CVE Number:  CVE-2007-6014=0D
Reference: http://www.securityfocus.com/bid/26492=0D 
=0D
=0D
Overview:=0D
=0D
  Beehive Forum is an open source web based forum application=0D
  written in PHP.  A vulnerability exists in the Beehive Forum=0D
  software that could allow a remote user to execute SQL injection=0D
  attacks. These attacks could compromise sensitive data including=0D
  usernames and passwords for the Beehive application. Arbitrary=0D
  data from other applications hosted on the same server could also=0D
  be compromised, depending on the configuration of MySQL.=0D
=0D
=0D
Details:=0D
=0D
  This vulnerability exists because of a failure in the application=0D
  to properly sanitize user input for the variable "t_dedupe". This=0D
  variable is accepted as input in the page "post.php". The value of=0D
  this variable is then included in an SQL statement which is=0D
executed with the PHP function "@mysql_query". This function is=0D 
  specifically designed to mitigate the effects of an SQL injection=0D
  attack by not allowing multiple SQL statements in one call.=0D
  However, it is  still possible to manipluate the SQL statement=0D
  through the "t_dedupe" variable to obtain arbitrary data from=0D
  the database.=0D
=0D
=0D
Vendor Response:=0D
=0D
  There is a security vulnerability in Beehive Forum that could=0D
  allow for user logon and password MD5 hash disclosure.=0D
=0D
  This vulnerability has been fixed in the latest release of the=0D
  product, Beehive Forum 0.8. It is recommend all users immediately=0D
  obtain the newest version of Beehive Forum to protect against=0D
  this threat.=0D
=0D
  Project Beehive Forum is available for download from the project=0D
website at http://www.beehiveforum.net/=0D 
=0D
  If there are any further questions about this statement, please=0D
  contact a member of the development team.=0D
=0D
=0D
Recommendation:=0D
=0D
  It is recommend all users immediately obtain the newest version of=0D
  Beehive Forum to protect against this threat.  Project Beehive=0D
  Forum is available for download from the project website at=0D
http://www.beehiveforum.net/.=0D 
=0D
Common Vulnerabilities and Exposures (CVE) Information:=0D
=0D
The Common Vulnerabilities and Exposures (CVE) project has assigned=0D
the following names to these issues. These are candidates for=0D
inclusion in the CVE list (http://cve.mitre.org), which standardizes=0D 
names for security problems.=0D
=0D
=0D
  CVE-2007-6014=0D
=0D
- ----------Symantec Vulnerability Research Advisory Information-------=0D
=0D
For questions about this advisory, or to report an error:=0D
research@symantec.com=0D 
=0D
For details on Symantec's Vulnerability Reporting Policy:=0D
http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf=0D 
=0D
Symantec Vulnerability Research Advisory Archive:=0D
http://www.symantec.com/research/=0D 
=0D
Symantec Vulnerability Research GPG Key:=0D
http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc=0D 
=0D
- ----------------Symantec Product Advisory Information-------------=0D
=0D
To Report a Security Vulnerability in a Symantec Product:=0D
secure@symantec.com=0D 
=0D
For general information on Symantec's Product Vulnerability=0D
reporting and response:=0D
http://www.symantec.com/security/=0D 
=0D
Symantec Product Advisory Archive:=0D
http://www.symantec.com/avcenter/security/SymantecAdvisories.html=0D 
=0D
Symantec Product Advisory PGP Key:=0D
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc=0D 
=0D
- ------------------------------------------------------------------=0D
=0D
Copyright (c) 2007 by Symantec Corp.=0D
Permission to redistribute this alert electronically is granted=0D
as long  as it is not edited in any way unless  authorized by=0D
Symantec Consulting Services. Reprinting the whole or part of=0D
this alert in any medium other than electronically requires=0D
permission from research@symantec.com.=0D 
=0D
Disclaimer=0D
The information in the advisory is believed to be accurate at the=0D
time of publishing based on currently available information. Use=0D
of the information constitutes acceptance for use in an AS IS=0D
condition. There are no warranties with regard to this information.=0D
Neither the author nor the publisher accepts any liability for any=0D
direct, indirect, or consequential loss or damage arising from use=0D
of, or reliance on, this information.=0D
=0D
Symantec, Symantec products, and Symantec Consulting Services are=0D
registered trademarks of Symantec Corp. and/or affiliated companies=0D
in the United States and other countries. All other registered and=0D
unregistered trademarks represented in this document are the sole=0D
property of their respective companies/owners.=0D
-----BEGIN PGP SIGNATURE-----=0D
Version: GnuPG v1.4.7 (MingW32)=0D
=0D
iD8DBQFHVFXyuk7IIFI45IARAhJqAKCGc/4L5tb0bq1s1jrp6mwEFJBBRgCcDA+F=0D
V7igvapHPpck2rZdZRlgB0Q==0D
=JzzL=0D
-----END PGP SIGNATURE-----=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH