=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN183
_____________________________________________________________________

DATE                      : 28/05/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Mambo.

======================================================================
http://forum.mambo-foundation.org/showthread.php?t=11799
______________________________________________________________________

Mambo 4.6.4 has been released. You can read the forum announcement here: 
http://forum.mambo-foundation.org/sh...ad.php?p=62251 and the full
announcement on The Source, here: 
http://source.mambo-foundation.org/content/view/141/1/

This is an important security and maintenance upgrade.

Three serious security vulnerabilities have been fixed in Mambo 4.6.4.
All users of Mambo 4.6.+ are urged to upgrade as soon as possible.

While there have been no reports of exploits at this time, the potential 
for exploits is high. The security risks in earlier versions of Mambo
have been identified as follows:

1. SQL Injection
================
There is potential for SQL injection. Successful exploitation requires
that "magic_quotes_gpc" is disabled.
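The caveat above (exploitation needs magic_quotes_gpc disabled) means the flawed query interpolates user input into a quoted SQL string, and magic quotes merely escape the quote rather than fix the query. The following is an added example, not Mambo code: a string-interpolated query beside its parameterised form, plus a check of whether the host still has magic quotes at all. The table and column names (content, id, title) and the function names are assumptions made for the example.

```php
<?php
// Added example, not Mambo code. Table/column names are hypothetical.

// Flawed pattern (illustration only, never called below): with
// magic_quotes_gpc=On the quote in $title arrives escaped and the
// injection fails; with it Off the input ends the string and becomes SQL.
function find_by_title_interpolated(PDO $db, $title)
{
    $sql = "SELECT id, title FROM content WHERE title = '" . $title . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the value is bound as a parameter, so it stays data to
// the database regardless of quotes, backslashes or php.ini settings.
function find_by_title(PDO $db, $title)
{
    $stmt = $db->prepare('SELECT id, title FROM content WHERE title = :title');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Deployment check: PHP 5.3 deprecated magic_quotes_gpc and 5.4 removed
// it, so code that leans on it is unprotected on any later PHP. On 7.x
// get_magic_quotes_gpc() still exists but always reports off; on 8.x it
// is gone.
function magic_quotes_state()
{
    if (!function_exists('get_magic_quotes_gpc')) {
        return 'removed';
    }
    return get_magic_quotes_gpc() ? 'on' : 'off';
}

// Self-contained demo on an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO content (title) VALUES ('Welcome'), ('About')");

// A value that would end a quoted string is matched literally by the
// bound query, so no rows come back; a normal title is found.
var_dump(count(find_by_title($db, "Welcome' OR 'a'='a")));
var_dump(find_by_title($db, 'Welcome'));
echo 'magic_quotes_gpc: ' . magic_quotes_state() . PHP_EOL;
```

The point for an operator is that the magic_quotes_gpc condition is a property of the attacker's luck with your php.ini, not a fix: upgrading to 4.6.4 replaces the query, and any remaining code that relies on magic quotes should be moved to bound parameters before the PHP upgrade that removes them.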

2. CRLF injection/HTTP response splitting
=========================================
Risk that remotely supplied data is inserted into HTTP response headers.
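Response splitting relies on a CR/LF pair reaching a header value, so the mitigation is to refuse such values before they reach header(). PHP 5.1.2 and later also reject a header() argument containing a newline, but an explicit check keeps the outcome defined (an exception rather than a silently dropped header) and covers NUL bytes too. The following is an added example, not Mambo code; the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not Mambo code. Function names are hypothetical.

class HeaderInjectionException extends RuntimeException {}

// Returns $value unchanged if it contains no CR, LF or NUL; throws otherwise.
// Values from $_GET/$_POST arrive URL-decoded, so an encoded %0d%0a is
// already "\r\n" when it reaches this check and is caught.
function assert_header_safe($value)
{
    if (!is_string($value) || preg_match('/[\r\n\0]/', $value) === 1) {
        throw new HeaderInjectionException('control characters in header value');
    }
    return $value;
}

// Redirect helper: only same-site absolute paths, never a full URL or a
// protocol-relative "//host" form, and no control characters.
function safe_redirect($path)
{
    assert_header_safe($path);
    if (preg_match('#^/(?![/\\\\])#', $path) !== 1) {
        throw new HeaderInjectionException('redirect target must be a local path');
    }
    header('Location: ' . $path, true, 302);
}

// Classify constructed sample inputs (not taken from the advisory) so the
// checks can be exercised without sending real headers.
function classify_samples()
{
    $samples = array(
        '/index.php?option=com_content',
        "/index.php\r\nSet-Cookie: injected=1",
        // Still percent-encoded: passes here, which is why the check must
        // run on the decoded value, as PHP hands it to you in $_GET.
        '/index.php%0d%0aSet-Cookie: injected=1',
        '//evil.example/',
        'http://evil.example/',
    );
    $verdicts = array();
    foreach ($samples as $s) {
        try {
            assert_header_safe($s);
            $local = preg_match('#^/(?![/\\\\])#', $s) === 1;
            $verdicts[$s] = $local ? 'ok' : 'rejected: not a local path';
        } catch (HeaderInjectionException $e) {
            $verdicts[$s] = 'rejected: ' . $e->getMessage();
        }
    }
    return $verdicts;
}

print_r(classify_samples());
```

Run the check after every decoding step the application performs; a value that is validated while still percent-encoded and decoded afterwards is the classic way this mitigation is bypassed.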

3. Cross-Site Scripting Vulnerability in MOStlyCE <=3.0
=======================================================
The Mambo Team released MOStlyCE 3.0 as an independent upgrade some time 
ago following the discovery of multiple vulnerabilities. Mambo 4.6.4
includes MOStlyCE 3.05. If you are not running MOStlyCE 3.05 already,
then you will need to ensure that your editor is upgraded.

Users of Mambo Lite who have installed optional core extensions will
need to ensure they update the following extensions:

     * com_comment
     * com_poll
     * com_weblinks
     * com_banners
     * bot_moscomment
     * mod_latestcontent
     * mod_poll
     * mod_random_image
     * mod_templatechooser

Mambo 4.6.4 Complete, Mambo 4.6.4 Lite, and the optional core extensions 
are all available to download from the Mambo Code Forge here:
http://mambo-code.org/gf/project/mambo/frs/

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================

