PT-2009-44: Multiple vulnerabilities in Kayako Support Suite

Affected Software

Kayako Support Suite version 3.60.04 stable and possibly earlier
Product link: http://www.kayako.com/

Severity Rating

Severity: Medium
Impact: Medium
Attack Vector: Remote

CVSS v2
Base Score: 6.4
Temporal Score: 4.7
Vector: (AV:N/AC:H/Au:M/C:C/I:C/A:P/E:U/RL:O/RC:C)
CVE: not assigned

Software Description

Kayako Support Suite is a HelpDesk system.

Vulnerability Description

Positive Technologies Research Team discovered Local File Inclusion (LFI) vulnerabilities in Kayako Support Suite.

A vulnerable use of unset() allows an attacker to overwrite an arbitrary global variable that is not otherwise overridden, which in particular can result in an LFI. If a user has write access to the DBMS tables, they can add the necessary row and cause an LFI.

Examples:

If the table cron contains the following row:

cronid | module | name
-------+--------+------
7      | m1     | task1

then an attacker can cause an LFI:

http://site/support/cron/index.php?_t=task1&_MODULES[m1]=[LOCAL INCLUDE]&-1575220259=1

Solution

Update to the latest version.

Disclosure Timeline

10/12/2009 - Vendor notified
10/13/2009 - Vendor response
10/xx/2009 - The vendor confirmed the vulnerability and issued a workaround decision
10/xx/2009 - Requested status update from vendor
10/xx/2009 - Public disclosure

Credits

This vulnerability was discovered by Timur Yunusov (Positive Technologies Research Team).

References

http://en.securitylab.ru/lab/PT-2009-44
http://www.ptsecurity.ru/advisory.asp

Complete list of vulnerability reports published by Positive Technologies Research Team:
http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp
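The variable-overwrite pattern behind the LFI described above, shown as an added illustration rather than Kayako's own code: a module-path registry is cleared with unset() and then rebuilt from request input, so the value that reaches include() is attacker-controlled; the hardened variant keeps the registry fixed and confines the resolved path. The cron row, the registry contents and the function names are constructed for the example.

```php
<?php
// Constructed stand-in for the cron table row from the advisory: cronid, module, name.
$cronRows = [
    ['cronid' => 7, 'module' => 'm1', 'name' => 'task1'],
];

// Legitimate module registry, as the application would define it (constructed).
$_MODULES = ['m1' => __DIR__ . '/modules/m1/cron.php'];

// VULNERABLE pattern: the global registry is wiped and then refilled from the
// request (register_globals-style import), so ?_MODULES[m1]=<path> wins.
function resolveCronIncludeVulnerable(array $cronRows, array $request): ?string
{
    global $_MODULES;
    unset($_MODULES);                  // global registry gone ...
    extract($request, EXTR_OVERWRITE); // ... and recreated from user input
    foreach ($cronRows as $row) {
        if ($row['name'] === ($request['_t'] ?? '')) {
            return $_MODULES[$row['module']] ?? null; // attacker-chosen path
        }
    }
    return null;
}

// HARDENED pattern: the registry is never rebuilt from input, lookups are
// keyed only, and the resolved path must stay under the modules directory.
function resolveCronIncludeHardened(array $cronRows, array $request): ?string
{
    static $registry = ['m1' => __DIR__ . '/modules/m1/cron.php'];
    $base = realpath(__DIR__ . '/modules');
    foreach ($cronRows as $row) {
        if ($row['name'] === ($request['_t'] ?? '')) {
            $path = realpath($registry[$row['module']] ?? '');
            if ($path !== false && $base !== false
                && strpos($path, $base . DIRECTORY_SEPARATOR) === 0) {
                return $path;
            }
            return null; // unknown module, missing file, or path escapes modules/
        }
    }
    return null;
}

// Constructed request mirroring the advisory's URL shape (placeholder path).
$request = ['_t' => 'task1', '_MODULES' => ['m1' => '/ATTACKER/CHOSEN/FILE']];
var_dump(resolveCronIncludeVulnerable($cronRows, $request)); // the injected path
var_dump(resolveCronIncludeHardened($cronRows, $request));   // null: input ignored
```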