OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] Assurent VR - Adobe RoboHelp Server SQL Injection Vulnerability

VR-Subscription-noreplyassurent.com
Date: Tue Jul 08 2008 - 14:21:45 CDT


Adobe RoboHelp Server SQL Injection Vulnerability
Assurent ID: FSC20080708-10

1. Affected Software

   Adobe RoboHelp Server, version 6
   Adobe RoboHelp Server, version 7

   Reference: http://www.adobe.com/products/robohelpserver/

2. Vulnerability Summary

   There exists an SQL injection vulnerability in Adobe RoboHelp Server that allows attackers to inject and execute arbitrary SQL
   statements. The SQL would run against the RoboHelp back-end database within the security context of the application's database
   connection.

3. Vulnerability Analysis

   The vulnerability can be exploited two ways:

   1) A remote authenticated attacker may trigger this vulnerability by sending a crafted HTTP request to the target server.

   2) A remote unauthenticated attacker can entice an authenticated user to execute an attack using cross-site scripting techniques.

   Assurent has confirmed that execution of arbitrary SQL statements is possible. The SQL in such a case would execute within the
   security context of the application's database connection.

4. Vulnerability Detection

   Assurent has confirmed the vulnerability in Adobe RoboHelp Server versions 6 and 7.

5. Workaround

   Apply the vendor patch or block communication from untrusted networks to ports 80/TCP and 443/TCP on affected assets.

6. Vendor Response

   Adobe Systems has released a bulletin addressing this vulnerability.

   Reference: http://www.adobe.com/support/security/bulletins/apsb08-16.html

7. Disclosure Timeline

   05/09/2008 Reported to vendor
   05/09/2008 Initial vendor response
   07/08/2008 Coordinated public disclosure

8. Credits

   Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

   CVE: CVE-2008-2991
   Vendor: APSB08-16

10. About Assurent VRS

   Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for
   MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs,
   and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats
   including worm & virus outbreaks and high-risk spyware. The VRS and TPP services are real-time feeds providing subscribers
   with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.

   http://www.assurent.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/