
Misleading Solution for Plugin 17598
I came across a 2.3.5 version of eKayako that is still vulnerable.
The solution recommends upgrading to version 2.3.1 or later. The
Bugtraq discussion does not mention any patches. This Gulftech page
claims otherwise:

http://www.gulftech.org/?node=research&article_id=00056-12182004

How to solve?

Thanks,
Erik

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Misleading Solution for Plugin 17598
On Thu, Aug 17, 2006 at 12:52:44PM -0700, Erik Stephens wrote:

> I came across a 2.3.5 version of eKayako that is still vulnerable.

Have you tried the exploit manually to confirm it is indeed vulnerable?

> The
> solution recommends upgrading to version 2.3.1 or later. The Bugtraq
> discussion does not mention any patches. This Gulftech page claims
> otherwise:
>
> http://www.gulftech.org/?node=research&article_id=00056-12182004

Note that this advisory cross-references BID 12037, which is not listed
in the plugin. While I originally wrote this plugin, I now think the
link to the GulfTech advisory is incorrect; instead, I will shortly
update it to point to:

http://www.securityfocus.com/archive/1/393946
http://forums.kayako.com/showthread.php?t=2689

The second is the vendor's announcement of the 2.3.1 release. While that
offers no specifics, it does credit "James from GulfTech" as discovering
the flaws that are being fixed.

Btw, when Bercegay released his advisory on 12/18/2004, there was no
solution available at the time; e.g., see:

http://www.securityfocus.com/archive/1/384882

although he anticipated one "soon". Compare that with a subsequent advisory:

http://www.gulftech.org/?node=research&article_id=00092-07302005

which mentions Kayako developers asking for 3 months to resolve some
later issues.

> How to solve?

Assuming the flaw does indeed exist and you're really looking at 2.3.5,
I think the best thing would be to contact the vendor. Perhaps the issue
was reintroduced after being fixed?

George
--
theall@tenablesecurity.com
Re: Misleading Solution for Plugin 17598
On Aug 17, 2006, at 1:48 PM, George A. Theall wrote:

> On Thu, Aug 17, 2006 at 12:52:44PM -0700, Erik Stephens wrote:
>
>> I came across a 2.3.5 version of eKayako that is still vulnerable.
>
> Have you tried the exploit manually to confirm it is indeed
> vulnerable?

Yes, it is definitely vulnerable.


> http://www.securityfocus.com/archive/1/393946
> http://forums.kayako.com/showthread.php?t=2689
>
> The second is the vendor's announcement of the 2.3.1 release. While that
> offers no specifics, it does credit "James from GulfTech" as discovering
> the flaws that are being fixed.
>
> Btw, when Bercegay released his advisory on 12/18/2004, there was no
> solution available at the time; e.g., see:
>
> http://www.securityfocus.com/archive/1/384882
>
> although he anticipated one "soon". Compare that with a subsequent advisory:
>
> http://www.gulftech.org/?node=research&article_id=00092-07302005
>
> which mentions Kayako developers asking for 3 months to resolve some
> later issues.
>
>> How to solve?
>
> Assuming the flaw does indeed exist and you're really looking at 2.3.5,
> I think the best thing would be to contact the vendor. Perhaps the issue
> was reintroduced after being fixed?

Will do. Four releases and almost 2 years seems like a long time to
address simple XSS vulns - it's not that difficult to escape what
needs escaping. I will contact them to get the definitive scoop and
let you know what the plugin should say, regarding the solution section.

Thanks,
Erik

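The thread closes on the point that reflected XSS is fixed by escaping output for the context it lands in. The following is an added example written for this archive page, not code from Kayako, the Nessus plugin, or either poster; it shows the "before" pattern (user input concatenated straight into markup) next to the hardened version, and the sample input is constructed. The vulnerable function is kept only to make the contrast visible; the check `contains_raw_markup` is a hypothetical helper used for the comparison.

```python
"""Output escaping for a reflected query parameter: vulnerable vs hardened.

Added example. Nothing here is taken from Kayako or from plugin 17598; the
input value and the markup are constructed for illustration only.
"""
import html
from urllib.parse import quote

# Constructed sample: a value that closes the attribute it is reflected into
# and then injects its own element. The tag itself is harmless on purpose.
SAMPLE_INPUT = '"><b>injected</b>'


def render_vulnerable(query: str) -> str:
    """The 'before' pattern: raw input dropped into an attribute and a text node."""
    return f'<input name="q" value="{query}"><p>Results for {query}</p>'


def escape_html(value: str) -> str:
    """Escape for HTML text and double-quoted attribute contexts.

    html.escape(quote=True) rewrites & < > " and ' as entities, so the
    value can neither terminate the attribute nor start a new tag.
    """
    return html.escape(value, quote=True)


def escape_url_param(value: str) -> str:
    """Escape for a URL query-string context (a different grammar, so a
    different escaper): percent-encode everything except unreserved chars."""
    return quote(value, safe="")


def render_hardened(query: str) -> str:
    """Same page, with each reflection escaped for the context it lands in."""
    q_html = escape_html(query)
    q_url = escape_url_param(query)
    return (
        f'<input name="q" value="{q_html}">'
        f'<p>Results for {q_html}</p>'
        f'<a href="/search?q={q_url}">permalink</a>'
    )


def contains_raw_markup(rendered: str, needle: str = "<b>") -> bool:
    """Hypothetical helper: does an unescaped tag survive in the output?"""
    return needle in rendered


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_INPUT))
    print("hardened:  ", render_hardened(SAMPLE_INPUT))
```

The hardened renderer shows why "escape what needs escaping" means escaping per context: the same value gets entity-encoded where it lands in HTML and percent-encoded where it lands in a URL, and a single escaper reused for both would leave one of the two contexts open.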