=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN443
_____________________________________________________________________

DATE                      : 05/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running 1.5.x Joomla! versions prior to 1.5.15.

======================================================================
http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html
http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html
______________________________________________________________________

 [20091103] - Core - Front-End Editor Issue
Tuesday, 03 November 2009 16:31

    * Project: Joomla!
    * SubProject: com_content
    * Severity: Moderate
    * Versions: 1.5.14 and all previous 1.5 releases
    * Exploit type: Front-End Editing
    * Reported Date: 2009-September-05
    * Fixed Date: 2009-November-03


Description

When logged into the front end with Author access, it was possible to
replace an article written by another user.


Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.


Solution

Upgrade to latest Joomla! version (1.5.15 or newer).

Reported by Hannes Papenberg


Contact

The JSST at the Joomla! Security Center.
Last Updated on Thursday, 05 November 2009 01:46
_________________________________________________________________________


 [20091103] - Core - XML File Read Issue
Monday, 02 November 2009 01:03

    * Project: Joomla!
    * SubProject: All
    * Severity: Low
    * Versions: 1.5.14 and all previous 1.5 releases
    * Exploit type: Extension Version Disclosure
    * Reported Date: 2009-October-13
    * Fixed Date: 2009-Nov-03


Description

It is possible to read the contents of an extension's XML file and find
the version number of the installed extension. This could allow people
to exploit a known security flaws for a specific version of an extension.
Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.


Solution

Turn on Apache mod_rewrite and configure your .htaccess file to filter out
XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39
contain example code that will deny access to XML files. You can incorporate
this code (or similar code) into your .htaccess file. Be sure to test that
it does not cause problems on your site.


Reported by WHK and Gergő Erdősi


Contact

The JSST at the Joomla! Security Center.
Last Updated on Thursday, 05 November 2009 01:46
======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================