
Vulnerabilité CVE-2008-3671
MyReview, http://myreview.intellagence.eu/
Bonjour à tous.
Cela fait plusieurs jours que c'est en cours, mais j'ai décidé de la publier aujourd'hui, vu que je pars en vacances ce soir.
Enjoy !
Le numéro CVE est en cours de validation donc c'est un candidate pour le moment.
The MyReview access control system is flawed and can be bypassed to retrieve sensitive information
Overview
Incorrect management of the submission and camera ready versions of submitted papers to the MyReview system lets unintended users download these documents. This information leakage can be used to illegally retrieve sensitive or licensed documents.
I. Description
The MyReview web application is an open-source web application used in the research community To manage the paper submission and paper review phases of conferences. Based on the well known PHP+MySQL framework and distributed under the GNU General Public License, it has been used by thousands of conferences worldwide.
Incorrect management of the submission and camera ready versions of submitted papers to the MyReview system lets unintended users download these documents. This flaw bypass all the access controls implemented by the MyReview developers. This information leakage is critical as the documents submitted to the conferences, and mostly at the submission phase, contain sensitives information researchers may not want to be publicized.
Besides, this flaw can be used by attackers to retrieve at will the final version of the documents, after the conferences is done. However, these final versions may be not free, as it is often the case for conferences.
More information about this flaw will be publicized later on, as it could be used to attack existing deployment of the MyReview system.
II. Impact
Exploitation of this vulnerability could lead to the lost of the sensitive information managed by MyReview: submission and camera ready version of the submitted paper may be downloaded
III. Solution
The Laboratoire de Recherche en Informatique (LRI), which provide MyReview has been contacted and they receive a patch I made for this vulnerability. However, to avoid unpatched website attacks (which are very easy to do), the author decided to let the LRI making the decision about how to efficiently performed the update. Please see your vendor's advisory for updates and mitigation capabilities. A good point would be to subscribe to MyReview newsletter, if not done yet.
Version and platform Affected
|
Affected Platforms |
Any |
|
Affected Software |
MyReview, http://myreview.intellagence.eu/ |
|
Affected Versions |
Any (prior or equal to 1.9.9, as 2.0 is still in beta) |
|
Severity |
High |
Requirements
|
Authentication |
None |
|
Access |
Distant (Internet) |
References
<to be upgraded later on>
Credit
This vulnerability was reported by Julien A. Thomas.
TELECOM Bretagne homepage: http://perso.telecom-bretagne.eu/julienthomas/
Personal homepage: http://www.julienthomas.eu/
Other Information
|
Date Discovered |
16/07/2008 |
|
Date Public |
18/07/2008 |
|
Date First Published |
18/07/2008 |
|
Date Last Updated |
18/07/2008 |
|
CERT Advisory |
|
|
CVE Name (candidate) |
CVE-2008-3671 |
ajouter un commentaire commentaires (0) créer un trackback recommander



Bienvenue à toi sur mon (si si, mon :p) blog.
(image de 2007)






Commentaires