Welcome to Geeklog, Anonymous Friday, November 22 2024 @ 10:34 am EST

Major Security Hole Fixed!

Wednesday, January 09 2002 @ 09:38 am EST
Contributed by: Tony
Views: 8,595

Attention all Geeklog 1.3 Admins

I hope you programmers out there never have to do what I'm about to do. A security hole has been brought to my attention and all Geeklog 1.3 admins will need to apply this fix. Luckily a 'good guy' found this before it became is big issue.

During all the session management changes from a while back I neglected to add back the MD5 hash of the users password to a cookie and check that. As a result, it is possible to have your Geeklog 1.3 system compromised by simply editing the cookie and changing the user ID to that of a Geeklog admin. This hole is about as critical as a hole can get. If you are running Geeklog 1.3 you will need to go to CVS and download the latest copies of system/lib-sessions.php and public_html/users.php.

Comments

Major Security Hole Fixed! | 9 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

cvs access

Authored by: Anonymous (Anonymous User) on Wednesday, January 09 2002 @ 10:57 am EST

For users not familiar with CVS, could we have an url to
access these files, and/or the url of the web CVS
access?

cvs access

Authored by: Tony on Wednesday, January 09 2002 @ 11:56 am EST

For the new system/lib-sessions.php go here

for the new users.php go here

These fixes do address the security hole. I rushed these out ASAP so there may be minor changes to the final fix. I hope to polish any unfinished 1.3.1 work and get that out ASAP.

---
The reason people blame things on previous generations is that there's only one other choice.

cvs access

Authored by: Anonymous (Anonymous User) on Wednesday, January 09 2002 @ 08:17 pm EST

Thanks Tony... Maybe a link on www.geeklog.net pointing the the top of the cvs tree would help...
Fast work on the fix :-)

Time to release 1.3.1?

Authored by: Anonymous (Anonymous User) on Wednesday, January 09 2002 @ 10:58 am EST

SOunds like its time to release 1.3.1 with all the other fixes since 1.3?

What is the status with the static pages plugin?

Time to release 1.3.1?

Authored by: Tony on Wednesday, January 09 2002 @ 11:52 am EST

Yes, I am scrambling to get 1.3.1 out the door.

The staticpages plugin is pretty much done...just need a decent icon for it and it\'s ready to go.

---
The reason people blame things on previous generations is that there's only one other choice.

Update not working

Authored by: Anonymous (Anonymous User) on Wednesday, January 09 2002 @ 12:09 pm EST

I tried putting in the files from the cvs server. When a user tries to login to geeklog. They get the following message and the user doesn\'t log in.

Warning: Cannot add header information - headers already sent by (output started at /usr/local/www/geeklog-1.3/system/lib-sessions.php:402) in /usr/local/www/geeklog-1.3/system/lib-sessions.php on line 246

Warning: Cannot add header information - headers already sent by (output started at /usr/local/www/geeklog-1.3/system/lib-sessions.php:402) in /usr/local/www/geeklog-1.3/public_html/users.php on line 395

Warning: Cannot add header information - headers already sent by (output started at /usr/local/www/geeklog-1.3/system/lib-sessions.php:402) in /usr/local/www/geeklog-1.3/public_html/users.php on line 396

Warning: Cannot add header information - headers already sent by (output started at /usr/local/www/geeklog-1.3/system/lib-sessions.php:402) in /usr/local/www/geeklog-1.3/public_html/users.php on line 416

I narrowed the problem down to the lib-sessions.php file (ver 1.5) but I couldn\'t figure out how to fix this.

Any ideas on how to fix this other than putting back the old lib-sessions.php file

Trailing spaces?

Authored by: Tony on Wednesday, January 09 2002 @ 12:53 pm EST

There may be a trailing space at the end of your lib-sessions file after the close php tag \"?>\". If there is delete it and try refreshing.

---
The reason people blame things on previous generations is that there's only one other choice.

Re: Update not working (bad file transfer?)

Authored by: Anonymous (Anonymous User) on Wednesday, January 09 2002 @ 02:00 pm EST

I believe I received similar errors after transfering a file,
links.php to my server using HTTP upload. Transfering
the file to my server using FTP resolved the error
messages. That was my experience. I don\'t believe I
recieved all the errors you posted, but some of them
certainly.

I had the same problem....

Authored by: Anonymous (Anonymous User) on Wednesday, January 09 2002 @ 11:02 pm EST

I corrected the issue by making sure the file had no spaces after the closer.

Warning: Javascript required to enable functionality

Major Security Hole Fixed!

Attention all Geeklog 1.3 Admins

Search

Resources

About

Getting started

Support

Development

Topics

User Functions

What's New

Articles last 4 weeks

Comments last 4 weeks

Pages last 4 weeks

Links last 4 weeks

Downloads last 4 weeks