Layered Tech Hacked
grabyourhosting
09-20-2007, 08:51 PM
http://news.netcraft.com/archives/2007/09/20/hackers_crack_layered_tech_database.html
Secure your software!
jstanden
09-20-2007, 11:33 PM
Yeah, you should read this article along with the comments:
http://www.theregister.co.uk/2007/09/19/layered_technologies_breach_disclosure/
I posted a reply there. Dan also replied with a summary of our action on past Secunia items.
grabyourhosting
09-21-2007, 02:08 AM
Didn't mean to sound harsh if I did. I am sorry.
jstanden
09-21-2007, 02:10 AM
Don't worry about it. :)
jstanden
09-22-2007, 02:00 AM
In the interest of full disclosure:
That story is actually spreading around quite a bit:
http://news.netcraft.com/archives/2007/09/20/hackers_crack_layered_tech_database.html
http://www.theregister.co.uk/2007/09/19/layered_technologies_breach_disclosure/comments/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=154&articleId=9038040&intsrc=hm_topic
I'm even quoted (quite loosely) on the last one. ;)
The interesting thing is it's not clear that Cerberus Helpdesk was used to break in. What is for certain is that their Cerb3 database was targeted by "hackers", since it's a rich target of customer data.
Dan ran an audit of all our action on the previously reported Secunia alerts. I'll post it below. If you're running a recent copy of 3.x you shouldn't be vulnerable to any of those issues already.
I talked to LayeredTech's CTO this afternoon as well. We're working with them on ideas for securing any sensitive data inside Cerberus against future compromises (independent of how the database is obtained).
I'll keep you guys posted on what I know. But this isn't looking to be a wide-scale vulnerability.
Thanks!
jstanden
09-22-2007, 02:04 AM
Here's Dan's audit of our Secunia entries for Cerb 3.x:
Okay, here's the list of all seven of the Secunia vulnerabilities listed as Cerberus Helpdesk ( http://secunia.com/search/?search=cerberus -- Cerberus FTP Server is a different company and product), and what I've found out about them:
http://secunia.com/advisories/15641/ is 2.x only. I have confirmed that the vulnerability is not in current code.
http://secunia.com/advisories/17431/ is 2.x only. The 3.x attachment_send.php requires the correct thread_id to go with the file_id, and that combination would be difficult (though not impossible) to guess, since the thread_id is only ever exposed in tickets to which the user already has access. I've added a check to make sure that only a logged-in user can access attachment_send.php.
http://secunia.com/advisories/18112/ is reported against 2.x, but some of the SQL injections had not been fixed. The XSS reported is not reproducible in 3.x. The SQL injections reported that had not previously been fixed have now been fixed.
http://secunia.com/advisories/18657/ is 2.x only. I have confirmed that the vulnerability is not in current code.
http://secunia.com/advisories/21706/ is 2.x and 3.x, but it was fixed in 3.2.
http://secunia.com/advisories/22418/ is 3.x, but was fixed in October of '06.
http://secunia.com/advisories/23193/ is 2.x and 3.x. The vulnerability is listed against spellwin.php, but spellcheck.php has the same problem. This is still (theoretically) present and might work if register_globals is on and the Moon is in the proper alignment with Mars, but I couldn't get them to pop up on my dev machine...
The fixes made today will be pushed to our public CVS repository ( http://cerberusweb.com/cvsweb.pl ) shortly.
-Hildy, Cerberus Helpdesk Developer
WebGroup Media LLC
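The audit above describes three kinds of fix: a login check on the attachment download script, parameterized SQL in place of the remaining injectable queries, and not depending on register_globals. The following is an added example written for this thread, not code from Cerberus Helpdesk or WebGroup Media; it shows one way a download handler like attachment_send.php could apply all three at once. The table and column names (attachments, ticket_access, file_id, thread_id, user_id, storage_path) and the database credentials are hypothetical.

```php
<?php
// Added example (not Cerberus Helpdesk code): a minimal attachment download
// handler illustrating the three defensive points from the audit above:
//   1. require an authenticated session before serving anything,
//   2. look up the attachment by file_id AND thread_id with a prepared
//      statement (no SQL injection), and
//   3. read input only from $_GET, never from globals (register_globals-safe).
// Table and column names (attachments, ticket_access, file_id, thread_id,
// user_id, storage_path) and the DSN/credentials are hypothetical.

declare(strict_types=1);

session_start();

// 1. Authentication gate: an anonymous visitor gets nothing.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}
$userId = (int) $_SESSION['user_id'];

// 3. Pull parameters from the request explicitly and coerce to int.
//    filter_input returns null when the key is absent and false when the
//    value is not an integer; both are rejected.
$fileId   = filter_input(INPUT_GET, 'file_id',   FILTER_VALIDATE_INT);
$threadId = filter_input(INPUT_GET, 'thread_id', FILTER_VALIDATE_INT);
if ($fileId === false || $fileId === null || $threadId === false || $threadId === null) {
    http_response_code(400);
    exit('Bad request');
}

// 2. Prepared statement. The join to ticket_access also enforces that the
//    requesting user has access to the thread the file belongs to, so a
//    guessed file_id/thread_id pair is not enough on its own.
$pdo = new PDO('mysql:host=localhost;dbname=helpdesk', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare(
    'SELECT a.storage_path, a.filename, a.mime_type
       FROM attachments a
       JOIN ticket_access t ON t.thread_id = a.thread_id
      WHERE a.file_id = :file_id
        AND a.thread_id = :thread_id
        AND t.user_id = :user_id'
);
$stmt->execute([
    ':file_id'   => $fileId,
    ':thread_id' => $threadId,
    ':user_id'   => $userId,
]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    // Same response whether the file does not exist or the user lacks
    // access, so the endpoint cannot be used to enumerate valid ids.
    http_response_code(404);
    exit('Not found');
}

// Serve the file. The on-disk path comes from the database row, never from
// the request, and the download name is sanitized before it reaches a header.
$downloadName = str_replace(['"', "\r", "\n"], '', basename($row['filename']));
header('Content-Type: ' . $row['mime_type']);
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
readfile($row['storage_path']);
```

The access check lives in the query rather than in a separate PHP branch, so there is no code path that can fetch a row first and forget to test ownership afterwards; the 403/400/404 ordering means an unauthenticated caller learns nothing about which ids exist.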
chrisdowns
09-22-2007, 03:54 AM
I'm even quoted (quite loosely) on the last one. ;)
You're becoming world famous :p
jstanden
09-22-2007, 06:39 AM
You're becoming world famous :p
haha! And for all the wrong reasons. :D
chrisdowns
09-22-2007, 07:04 AM
haha! And for all the wrong reasons. :D
Oh admit it, you're loving