List:       full-disclosure
Subject:    [Full-disclosure] SugarCRM Community Edition Local File Disclosure
From:       "Roberto Suggi" <roberto.suggi () security-assessment ! com>
Date:       2008-04-29 1:53:22
Message-ID: 03E1F166F1D4F04898CB327370E45F2D015A1377 () pukeko ! smb2go ! net

========================================================================
= SugarCRM Community Edition Local File Disclosure Vulnerability
=
= Vendor Website: 
= http://www.sugarcrm.com
=
= Affected Version:
=   -- SugarCRM Community Edition 4.5.1 
=   -- SugarCRM Community Edition 5.0.0
=
= Public disclosure on 29th April 2008
=
========================================================================
Available online at:
http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_local_file_disclosure.pdf
 
== Overview ==
SugarCRM Community Edition is vulnerable to disclosure of local file
contents. A malicious user can exploit this vulnerability to disclose
potentially sensitive information. The flaw is caused by a lack of
input filtering in the SugarCRM RSS module.
 
The RSS module allows SugarCRM users to add RSS feeds to their personal
RSS list. The application expects a URL value pointing to a valid RSS
feed. However, the URL variable value is not properly sanitised, and any
URI value can be entered instead. In this particular case, it was
discovered that it is possible to enter the path of any file on the
local system hosting the SugarCRM application.
 
SugarCRM does not display the new entry in the RSS list, because it is
not a valid RSS feed URL. However, the application still creates a local
file whose name is the MD5 hash of the URL entered. The file is created
in the directory cache/feeds. If the Apache web server is used, the file
is created as the user www-data with read permission.
 
 
== Exploitation ==
 
An exploitation example in a LAMP (Linux, Apache, MySQL, PHP)
environment:
 
If an authenticated attacker enters the value “/etc/passwd” (without
quotes) in the RSS URL field, the application generates an MD5 hash of
the string containing the file path. In this case, the value
“/etc/passwd” is hashed to “c5068b7c2b1707f8939b283a2758a691” (without
quotes). The MD5 hash is then used as the name of a file holding the
contents of /etc/passwd. The contents of /etc/passwd are then publicly
viewable at
http://sugarwebsiteaddress/cache/feeds/c5068b7c2b1707f8939b283a2758a691 .
 
Exploitation of this flaw does not require authentication.
 
The URL variable is handled by the /modules/Feeds/Feed.php page.
The array variable $url is passed without filtering to the
xml_domit_rss_document function at the following line:
 
$rssdoc = new xml_domit_rss_document($this->url, 'cache/feeds/', 3600);
 
The XML domit RSS plugin is then called. It retrieves the file content
at the given path and then generates the MD5-named file in the
cache/feeds folder, as instructed by the call in Feed.php.
 
 
== Solutions ==
 
Install the vendor supplied patches.
Patch 4.5.1j: http://www.sugarcrm.com/forums/showthread.php?t=31688
Patch 5.0.0c: http://www.sugarcrm.com/forums/showthread.php?t=32252
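 
An added example, not part of the original advisory or of SugarCRM's code: a Python audit of a cache/feeds directory for entries of the kind described under Exploitation. It assumes that legitimate cache entries hold the fetched RSS/Atom XML and that the list of configured feed URLs can be exported; the function names and the sample data are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from urllib.parse import urlsplit
from xml.parsers import expat

MD5_NAME = re.compile(r"^[0-9a-f]{32}$")   # cache files are named md5(url)
FEED_ROOTS = {"rss", "feed", "rdf:RDF"}    # RSS 2.0, Atom, RSS 1.0


class _RootFound(Exception):
    """Raised from the expat callback to stop at the first element."""


def root_element(path, limit=65536):
    """Return the XML root element name of a file, or None if it is not XML."""
    parser = expat.ParserCreate()

    def on_start(name, attrs):
        raise _RootFound(name)

    parser.StartElementHandler = on_start
    with open(path, "rb") as fh:
        head = fh.read(limit)              # the root element is near the top
    try:
        parser.Parse(head, False)
    except _RootFound as found:
        return found.args[0]
    except expat.ExpatError:
        return None
    return None


def md5_name(url):
    """Cache file name for a feed URL (assumption: MD5 of the UTF-8 string)."""
    return hashlib.md5(url.encode("utf-8")).hexdigest()


def audit_feed_cache(cache_dir, feed_urls=()):
    """Return (file name, source URL or None, reasons) for suspicious entries."""
    by_hash = {md5_name(u): u for u in feed_urls}
    findings = []
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        if not MD5_NAME.match(name) or not os.path.isfile(path):
            continue
        reasons = []
        url = by_hash.get(name)
        if url is not None and urlsplit(url).scheme.lower() not in ("http", "https"):
            reasons.append("source is not an http(s) URL: " + url)
        if root_element(path) not in FEED_ROOTS:
            reasons.append("content is not an RSS/Atom document")
        if reasons:
            findings.append((name, url, reasons))
    return findings


def demo():
    """Build a constructed cache directory and audit it with and without URLs."""
    urls = ["http://example.org/news.rss", "/etc/passwd"]
    bodies = [
        b'<?xml version="1.0"?><rss version="2.0"><channel/></rss>',
        b"root:x:0:0:root:/root:/bin/sh\n",   # constructed sample content
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for url, body in zip(urls, bodies):
            with open(os.path.join(tmp, md5_name(url)), "wb") as fh:
                fh.write(body)
        return audit_feed_cache(tmp, urls), audit_feed_cache(tmp)


if __name__ == "__main__":
    for name, url, reasons in demo()[0]:
        print(name, url, "; ".join(reasons))
```

Without the URL list the audit still flags entries on content alone, which is the only signal available when the feed table is not at hand.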
  
== Credit ==
 
Discovered and advised to SugarCRM
April 2008 by Roberto Suggi Liverani Craig of Security-Assessment.com
 
== Greetings ==
 
To all my SA colleagues and thanks to the great atmosphere in 
Hack in the Bush!
It was inspirational...
 
 
== About Security-Assessment.com ==
 
Security-Assessment.com is Australasia's leading team of Information 
Security consultants specialising in providing high quality Information 
Security services to clients throughout the Asia Pacific region. Our 
clients include some of the largest globally recognised companies in 
areas such as finance, telecommunications, broadcasting, legal and 
government. Our aim is to provide the very best independent advice and 
a high level of technical expertise while creating long and lasting 
professional relationships with our clients.
 
Security-Assessment.com is committed to security research and 
development, and its team continues to identify and responsibly publish 
vulnerabilities in public and private software vendor's products. 
Members of the Security-Assessment.com R&D team are globally recognised 
through their release of whitepapers and presentations related to new 
security research.
 
Roberto Suggi Liverani
Security-Assessment.com

 


[Attachment #3 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1250">


<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 12">
<meta name=Originator content="Microsoft Word 12">
<link rel=File-List href="cid:filelist.xml@01C8AA00.636C8F40">
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:AllowPNG/>
  <o:DoNotRelyOnCSS/>
  <o:TargetScreenSize>1024x768</o:TargetScreenSize>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:TrackMoves/>
  <w:TrackFormatting/>
  <w:EnvelopeVis/>
  <w:PunctuationKerning/>
  <w:ValidateAgainstSchemas/>
  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
  <w:DoNotPromoteQF/>
  <w:LidThemeOther>EN-US</w:LidThemeOther>
  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SnapToGridInCell/>
   <w:WrapTextWithPunct/>
   <w:UseAsianBreakRules/>
   <w:DontGrowAutofit/>
   <w:SplitPgBreakAndParaMark/>
   <w:DontVertAlignCellWithSp/>
   <w:DontBreakConstrainedForcedTables/>
   <w:DontVertAlignInTxbx/>
   <w:Word11KerningPairs/>
   <w:CachedColBalance/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
  <m:mathPr>
   <m:mathFont m:val="Cambria Math"/>
   <m:brkBin m:val="before"/>
   <m:brkBinSub m:val="--"/>
   <m:smallFrac m:val="off"/>
   <m:dispDef/>
   <m:lMargin m:val="0"/>
   <m:rMargin m:val="0"/>
   <m:defJc m:val="centerGroup"/>
   <m:wrapIndent m:val="1440"/>
   <m:intLim m:val="subSup"/>
   <m:naryLim m:val="undOvr"/>
  </m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" 
  DefSemiHidden="true" DefQFormat="false" DefPriority="99" 
  LatentStyleCount="267">
  <w:LsdException Locked="false" Priority="0" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
  <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
  <w:LsdException Locked="false" Priority="10" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
  <w:LsdException Locked="false" Priority="11" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
  <w:LsdException Locked="false" Priority="22" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
  <w:LsdException Locked="false" Priority="20" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
  <w:LsdException Locked="false" Priority="59" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Table Grid"/>
  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
  <w:LsdException Locked="false" Priority="1" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List Accent 1"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
  <w:LsdException Locked="false" Priority="34" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
  <w:LsdException Locked="false" Priority="29" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
  <w:LsdException Locked="false" Priority="30" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List Accent 2"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List Accent 3"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List Accent 4"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List Accent 5"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light List Accent 6"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false" 
   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="19" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
  <w:LsdException Locked="false" Priority="21" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
  <w:LsdException Locked="false" Priority="31" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
  <w:LsdException Locked="false" Priority="32" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
  <w:LsdException Locked="false" Priority="33" SemiHidden="false" 
   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
 </w:LatentStyles>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;
	mso-font-charset:1;
	mso-generic-font-family:roman;
	mso-font-format:other;
	mso-font-pitch:variable;
	mso-font-signature:0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:-1610611985 1073750139 0 0 159 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-unhide:no;
	mso-style-qformat:yes;
	mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";
	mso-ascii-font-family:Calibri;
	mso-fareast-font-family:Calibri;
	mso-hansi-font-family:Calibri;
	mso-bidi-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{mso-style-noshow:yes;
	mso-style-priority:99;
	color:blue;
	text-decoration:underline;
	text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-noshow:yes;
	mso-style-priority:99;
	color:purple;
	text-decoration:underline;
	text-underline:single;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	mso-style-noshow:yes;
	mso-style-unhide:no;
	mso-ansi-font-size:11.0pt;
	mso-bidi-font-size:11.0pt;
	font-family:"Calibri","sans-serif";
	mso-ascii-font-family:Calibri;
	mso-fareast-font-family:Calibri;
	mso-hansi-font-family:Calibri;
	mso-bidi-font-family:"Times New Roman";
	color:windowtext;}
span.SpellE
	{mso-style-name:"";
	mso-spl-e:yes;}
.MsoChpDefault
	{mso-style-type:export-only;
	mso-default-props:yes;
	mso-ascii-font-family:Calibri;
	mso-fareast-font-family:Calibri;
	mso-hansi-font-family:Calibri;
	mso-bidi-font-family:"Times New Roman";}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
	{mso-style-name:"Table Normal";
	mso-tstyle-rowband-size:0;
	mso-tstyle-colband-size:0;
	mso-style-noshow:yes;
	mso-style-priority:99;
	mso-style-qformat:yes;
	mso-style-parent:"";
	mso-padding-alt:0in 5.4pt 0in 5.4pt;
	mso-para-margin:0in;
	mso-para-margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";
	mso-ascii-font-family:Calibri;
	mso-hansi-font-family:Calibri;}
</style>
<![endif]--><!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>========================================================================<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>= <span
class=SpellE>SugarCRM</span> Community Edition Local File Disclosure
Vulnerability<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>=<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>= Vendor Website: \
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>= <a
href="http://www.sugarcrm.com">http://www.sugarcrm.com</a><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>=<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>= Affected
Version:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>=<span
style='mso-spacerun:yes'>&nbsp;&nbsp; </span>-- <span class=SpellE>SugarCRM</span>
Community Edition 4.5.1 <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>=<span
style='mso-spacerun:yes'>&nbsp;&nbsp; </span>-- <span class=SpellE>SugarCRM</span>
Community Edition 5.0.0<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>=<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>= Public
disclosure on 29th April 2008<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>=<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>========================================================================<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Available online
at:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><a
href="http://www.security-assessment.com/files/advisories/2008-04-29_SugarCRM_">http://www.secur \
ity-assessment.com/files/advisories/2008-04-29_SugarCRM_</a><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>local_file_disclosure.pdf<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>== Overview \
==<o:p></o:p></span></font></p>

<p class=MsoNormal><span class=SpellE><font size=2 face=Calibri><span
style='font-size:11.0pt;mso-ascii-font-family:Calibri;mso-hansi-font-family:
Calibri'>SugarCRM</span></font></span> Community Edition is vulnerable to local
file contents <o:p></o:p></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>disclosure.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>This vulnerability
can be exploited by a malicious user to disclose<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>potentially
sensitive information. The flaw is caused due to a lack of <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>input filtering in
the <span class=SpellE>SugarCRM</span> RSS module, which can be exploited \
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>to disclose the
content of local files.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>The RSS module
allows <span class=SpellE>SugarCRM</span> users to add RSS feeds to their
personal <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>RSS list. The
application expects an URL value pointing to a valid RSS <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>feed.
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>However, the URL
variable value is not properly <span class=SpellE>sanitised</span> and any URI
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>value can be
entered instead. In this particular case, it was discovered<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><span
style='mso-spacerun:yes'>&nbsp;</span>that it is possible to enter a file path
to any files on the local<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><span
style='mso-spacerun:yes'>&nbsp;</span>system hosting the <span class=SpellE>SugarCRM</span>
application.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>As a result <span
class=SpellE>SugarCRM</span> does not display the new RSS feed in the list as
it<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><span
style='mso-spacerun:yes'>&nbsp;</span>is not a valid RSS URL Feed. However, the
application creates a local <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>file with the
filename of the md5 hash of the URL entered. The file is <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>created in the
directory cache/feeds . If the Apache web server is used, <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>the file is
created as the user www-data, with read permission. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>== Exploitation ==<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>An exploitation
example in a LAMP (Linux, Apache, MySQL, PHP) <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>environment:<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>If an
authenticated attacker enters a value of &#8220;/etc/<span class=SpellE>passwd</span>&#8221;
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>(without quotes)
in the RSS URL field, the application will generate a <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>MD5 hash of the
string containing the file path. In this case,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><span
style='mso-spacerun:yes'>&nbsp;</span>the value<span
style='mso-spacerun:yes'>&nbsp; </span>&#8220;/etc/<span class=SpellE>passwd</span>&#8221;
is hashed to &#8220;c5068b7c2b1707f8939b283a2758a691<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>&#8221; (without
quotes). The MD5 hash is then used as a filename with the <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>file contents of
/etc/<span class=SpellE>passwd</span>. The file /etc/<span class=SpellE>passwd</span>
can then be viewed <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>publicly at <a
href="http://sugarwebsiteaddress/cache/feeds/c5068b7c2b1707f8939b283a2758a691">http://sugarwebsiteaddress/cache/feeds/c5068b7c2b1707f8939b283a2758a691</a>
.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Exploitation of
this flaw does not require authentication.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>The URL variable
is handled by the /modules/Feeds/Feed.php page. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>The array variable
$<span class=SpellE>url</span> is passed without filtering to the <o:p></o:p></span></font></p>

<p class=MsoNormal><span class=SpellE><font size=2 face=Calibri><span
style='font-size:11.0pt;mso-ascii-font-family:Calibri;mso-hansi-font-family:
Calibri'>xml_domit_rss_document</span></font></span> function at the following
line:<o:p></o:p></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>$<span
class=SpellE>rssdoc</span> = new <span class=SpellE>xml_domit_rss_document</span>
($this-&gt;<span class=SpellE>url</span>, &#39;cache/feeds/&#39;, 3600);<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>The XML <span
class=SpellE>domit</span> RSS <span class=SpellE>plugin</span> is then called
and retrieves the file content <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>at the path given
and then generates the MD5 hashed file in the <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>cache/feeds folder
as instructed by the function in Feed.php .<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>== Solutions ==<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Install the vendor
supplied patches.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Patch 4.5.1j: <a
href="http://www.sugarcrm.com/forums/showthread.php?t=31688">http://www.sugarcrm.com/forums/showthread.php?t=31688</a><o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Patch 5.0.0c: <a
href="http://www.sugarcrm.com/forums/showthread.php?t=32252">http://www.sugarcrm.com/forums/showthread.php?t=32252</a><o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><span
style='mso-spacerun:yes'>&nbsp;</span><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>== Credit ==<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Discovered and
advised to <span class=SpellE>SugarCRM</span><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>April 2008 by
Roberto Suggi Liverani Craig of Security-Assessment.com<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>== Greetings ==<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>To all my SA
colleagues and thanks to the great atmosphere in <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Hack in the Bush!<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>It was
inspirational...<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>== About
Security-Assessment.com ==<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Security-Assessment.com
is Australasia's leading team of Information <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Security
consultants <span class=SpellE>specialising</span> in providing high quality
Information <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Security services
to clients throughout the Asia Pacific region. Our <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>clients include
some of the largest globally <span class=SpellE>recognised</span> companies in
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>areas such as
finance, telecommunications, broadcasting, legal and <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>government. Our
aim is to provide the very best independent advice and <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>a high level of
technical expertise while creating long and lasting <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>professional
relationships with our clients.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Security-Assessment.com
is committed to security research and <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>development, and
its team continues to identify and responsibly publish <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>vulnerabilities in
public and private software vendors' products. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Members of the
Security-Assessment.com R&amp;D team are globally <span class=SpellE>recognised</span>
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>through their
release of whitepapers and presentations related to new <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>security research.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'><o:p>&nbsp;</o:p></span></font></p>


<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Roberto Suggi
Liverani<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt;
mso-ascii-font-family:Calibri;mso-hansi-font-family:Calibri'>Security-Assessment.com<o:p></o:p></span></font></p>


</div>

</body>

</html>
--===============1484843435==--
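
The advisory above says that a non-feed value entered as the RSS URL leaves a file in cache/feeds named with the MD5 hash of that value and holding the fetched content. The audit below is an added example, not part of the original advisory or of SugarCRM's code: it flags MD5-named cache entries whose root element is not an RSS or Atom root. It assumes legitimate entries hold the fetched feed XML unmodified; the function names and sample values are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
import xml.etree.ElementTree as ET

FEED_ROOTS = {"rss", "feed", "RDF"}          # RSS 2.0, Atom, RSS 1.0 (rdf:RDF)
CACHE_NAME = re.compile(r"^[0-9a-f]{32}$")   # MD5 hex digest used as the filename


def cache_name(url):
    """Filename the advisory describes: the MD5 hash of the URL string entered."""
    return hashlib.md5(url.encode("utf-8")).hexdigest()


def root_tag(path):
    """Local name of the XML root element, or None if the file is not XML."""
    try:
        with open(path, "rb") as fh:
            # Return on the first start event (the root); later chunks are never read.
            for _event, elem in ET.iterparse(fh, events=("start",)):
                return elem.tag.rsplit("}", 1)[-1]
    except (ET.ParseError, ValueError, OSError):
        return None
    return None


def audit_feed_cache(cache_dir):
    """Return the MD5-named cache entries whose content is not a feed document."""
    flagged = []
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        if CACHE_NAME.match(name) and os.path.isfile(path):
            if root_tag(path) not in FEED_ROOTS:
                flagged.append(name)
    return flagged


def demo():
    """Run the audit over constructed sample entries in a temporary directory."""
    samples = {  # constructed inputs: entered value -> bytes left in the cache
        "http://feeds.example.test/rss.xml":
            b"<?xml version='1.0'?><rss version='2.0'><channel/></rss>",
        "http://feeds.example.test/atom.xml":
            b"<feed xmlns='http://www.w3.org/2005/Atom'><title>t</title></feed>",
        "/constructed/local/file":
            b"svc:x:1000:1000:constructed line:/home/svc:/bin/sh\n",
    }
    with tempfile.TemporaryDirectory() as cache_dir:
        for url, body in samples.items():
            with open(os.path.join(cache_dir, cache_name(url)), "wb") as fh:
                fh.write(body)
        return audit_feed_cache(cache_dir)


if __name__ == "__main__":
    print(demo())
```

Point `audit_feed_cache` at the installation's cache/feeds directory; any name it returns is a cached entry that is not a feed and should be reviewed and removed.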

