Alex
« on: March 15, 2010, 09:09:13 pm »
A severe vulnerability that affects all versions of the File Module was discovered today.
The updated files are available here:
To retrieve your account info, use Password Finder:
Please replace the module as soon as possible. If you are not able to download it, delete TTXFile.pm from your server. Shoot first, ask questions later. Also, here is a quick fix (all versions):
Replace the line (near the end of TTXFile.pm) that reads
if (!open(F, "$dir/$fid")) {
with
if (($fid !~ /^\d+-\d+-\d+-\d+\.dat$/) || (!open(F, "$dir/$fid"))) {
Edit by Sparky: Stickied
« Last Edit: March 16, 2010, 09:37:05 am by Sparky »
Sparky
Moderator
Hero Member
   
Karma: 78
Posts: 1,980
stop pushing all those buttons
« Reply #1 on: March 15, 2010, 09:27:09 pm »
Are you able to explain the nature of the vulnerability? Like what sorts of bad things could happen if this is not fixed?
Thank you.
Did you update the paths in ttxcfg.cgi after moving TTX to your new location? To those seeking help.... please report back when you figure it out. 
Alex
« Reply #2 on: March 15, 2010, 09:32:11 pm »
I would prefer to avoid discussing possible exploits on the forum. Trust me, it is a severe vulnerability. Act promptly. See PM for details.
Alex
« Reply #3 on: March 15, 2010, 11:12:37 pm »
Quick follow-up. All updated versions of TTXFile.pm have revision 759; the revision number is in the first 12 lines of the file:

package TTXFile;
#
# This is an optional File module for
# Trouble Ticket Express help desk package.
# http://www.troubleticketexpress.com
#
# COPYRIGHT: , United Web Coders
# http://www.unitedwebcoders.com
#
# $Revision: 759 $
# $Date: :17: (Mon, 15 Mar 2010) $
#
Rogue
Newbie
Karma: 0
Posts: 5
« Reply #4 on: March 16, 2010, 06:13:45 am »
Thanks for the update Alex. My files were compromised overnight. Forgive my ignorance, but is there a mailing list or a thread I can subscribe to to receive security alerts like this?
Alex
« Reply #5 on: March 16, 2010, 09:15:54 am »
Actually, we publish an RSS feed, but it is self-hosted and we powered down most software for a vulnerability audit... It looks like using third-party solutions is more reliable in this case.
You may use
We will provide references to the Twitter feed within TTX and on the site later.
somedud3
Newbie
Karma: 0
Posts: 1
« Reply #6 on: March 16, 2010, 02:24:11 pm »
Someone posted this ttx.cgi?cmd=img&fid=|whoami| on ; I hope it's patched.
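For the one-line fix in the first post and the |whoami| probe quoted in Reply #6: the Perl below is an added example written for this page, not code from TTX or United Web Coders. It shows the two-argument open() shape the fix guards against next to a hardened reader, using the attachment-id format from the quick fix. The function names, the sample file name and the probe list are assumptions for the demo.

```perl
#!/usr/bin/perl
# Added example (not TTX code): the two-argument open() pattern patched by
# the advisory, beside a hardened version. Function names are assumed.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Vulnerable shape (the pre-759 pattern). Two-argument open() infers the
# mode from the string itself: a trailing '|' means "read from this shell
# command", so fid=|whoami| turns "$dir/|whoami|" into the pipeline
#   $dir/ | whoami
# and whoami runs as the web server user. Kept for comparison only; the
# demo below never calls it.
sub read_attachment_unsafe {
    my ($dir, $fid) = @_;
    open(F, "$dir/$fid") or return undef;   # two-arg open: mode comes from the data
    local $/;
    my $data = <F>;
    close(F);
    return $data;
}

# Hardened reader: allow-list the identifier first, then use the
# three-argument open() with an explicit '<' mode so the name can only ever
# be a filename. \A and \z are used instead of ^ and $ because $ also
# matches just before a trailing newline.
sub read_attachment_safe {
    my ($dir, $fid) = @_;
    return undef unless defined $fid && $fid =~ /\A\d+-\d+-\d+-\d+\.dat\z/;
    my $path = File::Spec->catfile($dir, $fid);
    open(my $fh, '<', $path) or return undef;
    local $/;
    my $data = <$fh>;
    close($fh);
    return $data;
}

# Constructed demo: one legitimate attachment in a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, '1-2-3-4.dat')) or die "write: $!";
print $out "attachment body\n";
close($out);

my @probes = (
    '1-2-3-4.dat',           # legitimate id
    '|whoami|',              # the payload quoted in this thread
    '1-2-3-4.dat|',          # valid-looking id with a pipe appended
    '../../../etc/passwd',   # directory traversal
    "1-2-3-4.dat\n",         # trailing newline: /$/ accepts it, \z does not
);
for my $fid (@probes) {
    (my $shown = $fid) =~ s/\n/\\n/g;
    my $data = read_attachment_safe($dir, $fid);
    printf "%-24s %s\n", "'$shown'", defined $data ? 'read ok' : 'rejected';
}
```

The allow-list regex is the same shape as the quick fix above; the one-line change with ^ and $ is what to apply to TTXFile.pm, and the three-argument open() is extra hardening that removes the pipe-open behaviour even if a future identifier format loosens the regex.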
Rogue
Newbie
Karma: 0
Posts: 5
« Reply #7 on: March 16, 2010, 04:19:21 pm »
You may use
Thanks, subscribed.
NXP
Newbie
Karma: 0
Posts: 1
« Reply #8 on: March 17, 2010, 07:26:44 am »
Is it normal that the red box with "Security Alert!" is still flashing at the bottom of the page even though I have replaced the files?
Rogue
Newbie
Karma: 0
Posts: 5
« Reply #9 on: March 17, 2010, 08:30:30 am »
Is it normal that the red box with "Security Alert!" is still flashing at the bottom of the page even though I have replaced the files?
Download the latest version of TTX and replace the ttx.cgi on your installation.
Alex
« Reply #10 on: March 17, 2010, 08:32:36 am »
To get rid of the banner, please replace ttx.cgi as well. The old ttx.cgi is not vulnerable, but it fetches the update notification image from the old location, and we replaced that image with a flashing banner. The updated ttx.cgi gets the image from the new location. Please download the appropriate TTX package (the one that matches your current version) from here
unpack the archive and upload the new ttx.cgi to your server. Doing this will stop the flashing banner.