PT-2009-41: Multiple vulnerabilities in Kayako Support Suite
Vulnerable Software
Kayako Support Suite
Version 3.60.04 stable and possibly earlier
Link:
http://www.kayako.com/
Security Level
Security Level: Low
Impact: Installation Path Disclosure
Attack Vector: Remote
CVSS v2:
Base Score: 6.4
Temporal Score: 5
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P/E:P/RL:O/RC:C)
CVE: not assigned
Software Description
Kayako Support Suite is a web-based help desk (support ticketing) system written in PHP.
Vulnerability Description
The Positive Technologies Research Team discovered several Installation Path Disclosure vulnerabilities in Kayako Support Suite. In each case a PHP error message that contains the absolute path of the affected script is returned to the client (this requires PHP's display_errors setting to be enabled, which is the default in many installations of that period).
The application passes attacker-controlled cookie data to the PHP function unserialize() without validation. A malformed serialized value makes unserialize() fail, and the resulting PHP error message discloses the product installation path.
In addition, request parameters are not checked for type: supplying an array where a string is expected (for example, _m[]=news instead of _m=news) causes a PHP warning that also discloses the installation path.
Furthermore, an include file that is requested directly, outside the application, calls trigger_error(), and the resulting error message discloses the installation path as well.
Examples:
1. Malformed serialized cookie value (declares an array of 1073741823 elements but supplies only one):
COOKIE: a%3A1073741823%3A%7Bi%3A0%3Bs%3A30%3A%22aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%22%7D
2. Array supplied where a string parameter is expected:
http://site/support/index.php?_m[]=news&_a=view
3. Direct request to an include file that calls trigger_error():
http://site/support/includes/functions_captcha.php
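The three patterns above, as an added illustration that is not Kayako's code: a minimal vulnerable handler for each, beside a hardened form that rejects the input without emitting a PHP error. The cookie name session_data, the KAYAKO_APP constant and the module-name regex are assumptions, and the hardened code assumes PHP 7.0 or later (for the allowed_classes option and the ?? operator).

```php
<?php
// Added example, not Kayako's code: the three path-disclosure patterns from
// the advisory, each in a vulnerable and a hardened form. $_COOKIE['session_data'],
// the KAYAKO_APP constant and the module-name regex are assumptions.

// --- 1. unserialize() on attacker-controlled input -------------------------
// A malformed string (such as the cookie in the advisory, which declares an
// array of 1073741823 elements but supplies one) makes unserialize() fail and,
// with display_errors on, PHP prints something like
// "Notice: unserialize(): Error at offset ... in /var/www/support/index.php on line N".
function vulnerable_cookie_read()
{
    return unserialize($_COOKIE['session_data']);   // error text leaks the path
}

function hardened_cookie_read()
{
    $raw = $_COOKIE['session_data'] ?? null;
    if (!is_string($raw) || strlen($raw) > 4096) {
        return null;                        // wrong type or implausibly large
    }
    // '@' silences the notice; allowed_classes=false also blocks object injection.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;  // accept only a plain array
}

// --- 2. Untyped request parameters -----------------------------------------
// ?_m[]=news turns $_GET['_m'] into an array; a string function then warns
// "expects parameter 1 to be string, array given in /abs/path/file.php".
function vulnerable_module_name()
{
    return strtolower($_GET['_m']);         // warns (and leaks the path) on an array
}

function hardened_module_name()
{
    $m = $_GET['_m'] ?? '';
    if (!is_string($m) || !preg_match('/^[a-z0-9_]{1,32}$/', $m)) {
        return 'default';                   // reject arrays and unexpected characters
    }
    return $m;
}

// --- 3. Include files that can be requested directly -----------------------
// An include that calls trigger_error() when loaded outside the application
// reveals its absolute path in the message. Instead, index.php defines a
// constant and every include calls this guard before doing anything else.
function require_app_context()
{
    if (!defined('KAYAKO_APP')) {
        header('HTTP/1.1 403 Forbidden');
        exit;                               // no error message, no path
    }
}

// --- Defence in depth: never echo PHP errors to clients ---------------------
// Equivalent php.ini / .htaccess settings:
//   display_errors = Off   (php_flag display_errors off)
//   log_errors     = On    (php_flag log_errors on)
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Quick check from the CLI (php this_file.php) using the advisory's own inputs:
// the hardened readers return NULL and "default" instead of emitting an error.
$_COOKIE['session_data'] = urldecode(
    'a%3A1073741823%3A%7Bi%3A0%3Bs%3A30%3A%22aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%22%7D'
);
$_GET['_m'] = ['news'];
var_dump(hardened_cookie_read(), hardened_module_name());
```

The silencing operator in hardened_cookie_read() is a stopgap for the path leak only; the real fix is to stop deserializing client-supplied data altogether (for example by signing or server-side storing the session state) and to keep display_errors off in production so that no PHP warning, whatever its cause, reaches the browser.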
Solution
Update to version 3.70.01 or later.
Bulletin Status
10/12/2009 - Vendor notified
10/13/2009 - Vendor response
01/26/2010 - The vendor confirmed the vulnerabilities and decided on a workaround
03/12/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
Acknowledgements
These vulnerabilities were discovered by Timur Yunusov (Positive Technologies Research Team).
References
http://en.securitylab.ru/lab/PT-2009-41
http://www.ptsecurity.ru/advisory.asp
Reports on vulnerabilities previously discovered by the Positive Technologies Research Team:
http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp