[Full-disclosure] [OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed

2007-04-13T00:00:00
ID SECURITYVULNS:DOC:16699
Type securityvulns
Reporter Securityvulns
Modified 2007-04-13T00:00:00

Description

======================================================================== Openads security advisory OPENADS-SA-2007-004


Advisory ID: OPENADS-SA-2007-004 Date: 2007-Apr-11 Security risk: medium risk Applications affetced: Max Media Manager Versions affected: <= v0.1.29-rc, <= v0.3.31-alpha-pr2 Versions not affected: >= v0.3.31-alpha-pr3 ========================================================================

======================================================================== Vulnerability: HTTP response splitting ========================================================================

Description

The ck.php (or adclick.php in v0.1.x) script is vulnerable to HTTP response splitting attacks because the "maxdest" parameter is not properly sanitized.

The vulnerability DOES NOT affect those running PHP >= 4.4.2 or PHP >= 5.1.2, because the header function blocks this kind of attacks.

References

  • OPENADS-SA-2007-03

Solution

  • Those running MMM v0.3.x should upgrade to v0.3.31-alpha-pr3
  • Those running MMM v0.1.x should replace adclick.php with the updated file:

https://developer.openads.org/browser/branches/max/branches/0.1/adclick.php?rev=5697&format=raw

Contact informations

The security contact for Openads can be reached at: <security AT openads DOT org>

Best regards

Matteo Beccati http://www.openads.org http://phpadsnew.com http://phppgads.com


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/