PT-2009-41: Multiple vulnerabilities in Kayako Support Suite

Vulnerable Software
Kayako Support Suite Version 3.60.04 stable and possibly earlier
Link: http://www.kayako.com/

Security Level
Security Level: Low
Impact: Installation Path Disclosure
Attack Vector: Remote

CVSS v2:
Base Score: 6.4
Temporal Score: 5
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P/E:P/RL:O/RC:C)

CVE: not assigned

Software Description
Kayako Support Suite is a HelpDesk system.

Vulnerability Description
Positive Technologies Research Team discovered several Installation Path Disclosure vulnerabilities in Kayako Support Suite.

The application passes client-supplied data (a cookie) to the PHP function unserialize() without validation; malformed serialized input produces an error message that discloses the product installation path. In addition, request parameters are not type-checked, so supplying an array where a string is expected also causes an error that discloses the installation path. Furthermore, a script that can be requested directly calls trigger_error(), which again reveals the installation path.

Examples:
COOKIE: a%3A1073741823%3A%7Bi%3A0%3Bs%3A30%3A%22aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%22%7D
http://site/support/index.php?_m[]=news&_a=view
http://site/support/includes/functions_captcha.php

Solution
Update your software to the latest version (3.70.01).

Bulletin Status
10/12/2009 - Vendor notified
10/13/2009 - Vendor response
01/26/2010 - The vendor confirmed the vulnerability and issued a workaround decision
03/12/2010 - Requested status update from vendor
04/08/2010 - Public disclosure

Acknowledgements
This vulnerability was discovered by Timur Yunusov (Positive Technologies Research Team)

References
http://en.securitylab.ru/lab/PT-2009-41
http://www.ptsecurity.ru/advisory.asp

Reports on the vulnerabilities previously discovered by Positive Technologies Research Team:
http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp
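The following PHP is an added example illustrating the defensive pattern that closes all three disclosure vectors named above; it is not Kayako's code and does not reflect how the vendor fixed the issue. The function names, the cookie name `client_list`, the `IN_APP` guard constant and the allowed-character pattern are assumptions for illustration.

```php
<?php
// Added example, not Kayako code: handling untrusted request input so that
// neither malformed data nor a direct script request leaks the install path.
declare(strict_types=1);

// 1. Errors (including ones raised by trigger_error()) must never reach the
//    client, because PHP's default message embeds the absolute file path.
//    Log them server-side instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    error_log(sprintf('[%d] %s in %s:%d', $errno, $errstr, $errfile, $errline));
    return true; // handled: suppress PHP's default output
});

// 2. Library scripts should refuse direct requests. The including entry point
//    defines IN_APP (assumed name); a bare request for the file gets a 403.
//    Put this at the top of every include-only file.
function denyDirectAccess(): void
{
    if (!defined('IN_APP')) {
        http_response_code(403);
        exit;
    }
}

// 3. Parameters used as strings must actually be strings. A request such as
//    ?_m[]=news makes $_GET['_m'] an array; is_string() rejects it before any
//    string function can raise a type error that would expose a path.
function requireStringParam(array $source, string $name, string $pattern = '/^[A-Za-z0-9_]{1,64}$/'): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    return preg_match($pattern, $source[$name]) === 1 ? $source[$name] : null;
}

// 4. Never unserialize() client-controlled data. Accept only a JSON array of
//    short strings from the cookie, bounded in size, depth and element count;
//    anything else yields an empty list rather than an error.
function decodeClientList(string $raw, int $maxBytes = 1024, int $maxItems = 16): array
{
    if (strlen($raw) > $maxBytes) {
        return [];
    }
    $data = json_decode($raw, true, 2); // depth 2: a flat array of scalars
    if (!is_array($data) || count($data) > $maxItems) {
        return [];
    }
    $out = [];
    foreach ($data as $item) {
        if (is_string($item) && strlen($item) <= 64) {
            $out[] = $item;
        }
    }
    return $out;
}

// Usage in the entry point (constructed request handling, assumed names):
define('IN_APP', true);
$module = requireStringParam($_GET, '_m');
$action = requireStringParam($_GET, '_a');
if ($module === null || $action === null) {
    http_response_code(400);
    exit('Bad request');
}
$list = decodeClientList($_COOKIE['client_list'] ?? '[]');
```

The important design choice is the order of defences: the error handler and `display_errors=0` are the backstop that keeps a path out of any response, while the type check and the JSON-instead-of-unserialize rule remove the conditions that raise the error in the first place. Rejecting an array-valued parameter with a 400 is deliberate; coercing it to a string would silently accept malformed requests.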