Vulnerability in tDiary

On 20 July 2005, a Cross-Site Request Forgery (CSRF) vulnerability was discovered in tDiary. The tDiary development team has fixed it and released corrected versions.

Affected versions
------------------------

* tDiary 2.0.1 and older (Stable releases)
* tDiary 2.1.1 (Development release)

Fixed in
-----------

* tDiary 2.0.2 (Stable release)
* tDiary 2.1.2 (Development release)

More information
------------------------

A remote attacker could abuse the trust placed in a logged-on user: if the user is lured into visiting an attacker-controlled URI or web site, the attacker could edit and/or delete entries or configuration of that user's tDiary. The vulnerability could also allow arbitrary commands or scripts to run with the privileges of the web server that serves the tDiary CGI.

See http://en.wikipedia.org/wiki/Csrf for background on CSRF.

The fixed versions add new filtering for requests that update an entry or the configuration. tDiary now accepts such a request only if it has:

* the POST method, and
* a valid referer, and
* a key embedded in the form that an attacker cannot guess.
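As an added illustration (not tDiary's own code), the three checks above written in Ruby, the language tDiary is implemented in; the class name, method names and the site URL are assumptions for the example:

```ruby
require 'securerandom'
require 'uri'

# Hypothetical guard applying the three rules the fix describes to
# state-changing requests: POST only, same-site Referer, unguessable form key.
class CsrfGuard
  def initialize(site_base_url)
    @site = URI(site_base_url)
  end

  # Unguessable per-session key to embed in the edit/config form.
  def new_key
    SecureRandom.hex(32)
  end

  # Constant-time comparison so response timing does not leak how much
  # of the submitted key matched the real one.
  def same_key?(a, b)
    return false if a.nil? || b.nil? || a.bytesize != b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Accept the request only if all three rules hold.
  def allowed?(method:, referer:, form_key:, session_key:)
    return false unless method == 'POST'
    return false unless same_origin?(referer)
    same_key?(form_key, session_key)
  end

  private

  # "Valid referer": present, parseable, and pointing at this site's origin.
  def same_origin?(referer)
    return false if referer.nil? || referer.empty?
    ref = URI(referer)
    ref.scheme == @site.scheme && ref.host == @site.host && ref.port == @site.port
  rescue URI::InvalidURIError
    false
  end
end

# Constructed sample: a legitimate update passes, a cross-site forgery does not.
guard = CsrfGuard.new('https://diary.example.invalid/')
key = guard.new_key
guard.allowed?(method: 'POST', referer: 'https://diary.example.invalid/update.rb',
               form_key: key, session_key: key)                # => true
guard.allowed?(method: 'POST', referer: 'https://attacker.example.invalid/lure',
               form_key: 'guess', session_key: key)            # => false
```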

Acknowledgements
----------------------------

* Yutaka OIWA and Hiromitsu TAKAGI (Research Center for Information Security, National Institute of Advanced Industrial Science and Technology (AIST))
* JPCERT/CC
* IPA

Posted by TADA Tadashi 2005-07-21