With the release of the bulletins for August 2008, this bulletin summary replaces the bulletin advance notification originally issued August 7, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on August 13, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the August Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts...

• Project: Joomla!
• SubProject: com_user
• Severity: Critical
• Versions: 1.5.5 and all previous 1.5 releases
• Exploit type: Password Reset Forgery
• Reported Date: 2008-August-12
• Fixed Date: 2008-August-12

Description

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note, that changing the first users username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file)...

SkyOut has discovered a vulnerability in AproxEngine, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is confirmed in version 5.1.0.4. Other versions may also be affected...