Details on the Privilege Escalation Vulnerability in Joomla

Details on the Privilege Escalation Vulnerability in Joomla:



"Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability.

As we’ve seen some exploits attempts occurring in the wild, we feel it is a good time to describe what the issue is and how it was fixed.

"



Analyzing the Patch

It was fairly easy to figure out where the vulnerable code was, as pretty much all the patch does (with the exception of fixing an additional two factor authentication bug) is basically remove the register method from the UsersControllerUser class. So that’s where our investigation started.


Joomla register method removed in privilege escalation vulnerability code snippet
We removed some original code for improved readability


All in all, what this method does is it takes user input from the user POST parameter (which is intended to be an associative array) and validates whether specific parameters are properly formatted (email address, username, etc.). If it’s all good, it pushes the array to the register method from the UsersModelRegistration class.



'via Blog this'

Joomla! 3.6.4 Released

Upgrade to Joomla! 3.6.4 Today



The Joomla! development team announced the immediate availability of Joomla! 3.6.4 yesterday. This update was issued to fix two critical security flaws in all versions of Joomla! from 3.4.4 to 3.6.3. 



Please note, these security vulnerabilities could lead to your site becoming compromised. So, we advise you to update to the latest version of Joomla! today.

Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses two critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately.
This release only contains the security fixes and bug fix; no other changes have been made compared to the Joomla! 3.6.3 release.
Joomla Security Release

What's in 3.6.4

Version 3.6.4 is released to address two critical security issues and a bug regarding two-factor authentication.

Security Issues Fixed

  • High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3) More information »
  • High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3) More information »


Joomla! 3.6.4 Released



'via Blog this'