Security Release for issue6361

Published: 2017-04-04 18:00:00+00:00 release security

Synopsis

A vulnerability in trytond has been found by Cédric Krier.

The CVE-2017-0360 allows an authenticated user with write access to a report or icon definition to make the server open any readable file under any sibling folder of the trytond installation, but only if the folder name starts with trytond (for example: ../trytond_suffix). This is a remaining case from CVE-2016-1242.
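The sibling-folder symptom above is characteristic of a containment check done by string prefix. The following is an added illustration, not trytond's own code, and it assumes a prefix comparison was the original defect: it places a weak check beside a component-wise check and shows, on a throwaway directory layout, that only the weak one accepts ../trytond_suffix.

```python
import os
import tempfile

# Constructed illustration, not trytond's own code. It models the check class
# behind CVE-2017-0360: containment tested by string prefix (an assumption about
# the original defect) accepts a sibling directory that shares the name prefix.

def _resolve(base_dir, requested):
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    return base, target

def weak_is_inside(base_dir, requested):
    """Prefix comparison: '/x/trytond_suffix/...' starts with '/x/trytond'."""
    base, target = _resolve(base_dir, requested)
    return target.startswith(base)

def strict_is_inside(base_dir, requested):
    """Component comparison: only true when base is an ancestor of target."""
    base, target = _resolve(base_dir, requested)
    return os.path.commonpath([base, target]) == base

def read_report_file(base_dir, requested, check=strict_is_inside):
    """Return bytes only for paths the chosen check places inside base_dir."""
    if not check(base_dir, requested):
        raise PermissionError("path escapes %s: %s" % (base_dir, requested))
    _, target = _resolve(base_dir, requested)
    with open(target, "rb") as fh:
        return fh.read()

def demo():
    """Throwaway layout: parent/trytond (install) beside parent/trytond_suffix."""
    parent = tempfile.mkdtemp()
    install = os.path.join(parent, "trytond")
    sibling = os.path.join(parent, "trytond_suffix")
    os.makedirs(install)
    os.makedirs(sibling)
    with open(os.path.join(install, "report.odt"), "w") as fh:
        fh.write("template")
    with open(os.path.join(sibling, "secret.txt"), "w") as fh:
        fh.write("sibling data")
    results = {}
    for path in ("report.odt", "../trytond_suffix/secret.txt", "../../outside.txt"):
        results[path] = (weak_is_inside(install, path), strict_is_inside(install, path))
    return install, results

if __name__ == "__main__":
    install, results = demo()
    for path, (weak, strict) in results.items():
        print("%-32s weak=%s strict=%s" % (path, weak, strict))
```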

Workaround

The sibling folder starting with trytond could be renamed.

Resolution

All users should upgrade trytond to the latest version.

Affected versions per series: <=3.4.16, <=3.6.14, <=3.8.10, <=4.0.7 and <=4.2.2

Non affected versions per series: >=3.4.17, >=3.6.15, >=3.8.11, >=4.0.8 and >=4.2.3

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Security Release for issue5795 and issue5808

Published: 2016-08-31 10:00:00+00:00 release security

Synopsis

Two vulnerabilities in trytond have been found by Cédric Krier.

The CVE-2016-1241 allows an authenticated user to read the hashed passwords of other users. Exploitation is not easy thanks to the existing protections in Tryton against such a leak: passwords are hashed with a strong method (bcrypt or sha1) and salted with random data (protection against rainbow tables).

The CVE-2016-1242 allows an authenticated user with write access to a report or icon definition to make the server open any readable file. By default, only the administrator group has such access rights.

Workaround

There is no workaround for CVE-2016-1241.

For CVE-2016-1242, the modification rights on the report and icon records could be removed from all users.

Resolution

All users should upgrade trytond to the latest version.

It is recommended that every user changes his password.

Affected versions per series: <=3.2.16, <=3.4.13, <=3.6.11, <=3.8.7 and <=4.0.3

Non affected versions per series: >=3.2.17, >=3.4.14, >= 3.6.12, >=3.8.8 and >=4.0.4

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Security Announce for issue5570

Published: 2016-06-15 12:00:00+00:00 security

Synopsis

A missing access right has been found by Cédric Krier for the Model 'product.product-production.bom'. That allows a malicious authenticated user to write, create or delete records of this type (see issue5570).

Impact

Any authenticated user can modify the links between products and BoM's.

Resolution

All users should manually create a default model access which limits access to read only, and a second model access limited to the group "Production Administration" with full access.

Affected versions: all versions of the production module up to and including series 4.0.

Non affected versions: all versions of the production module after series 4.0 (4.0 excluded).

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Security Release for issue5167

Published: 2015-12-17 07:00:00+00:00 release security

Synopsis

A vulnerability in trytond has been found by Cédric Krier that could allow a malicious authenticated user to write to fields to which they have no access (see issue5167).

Impact

Any authenticated user can write to fields to which they have no access. The other access permissions are checked correctly.

Workaround

There is no workaround.

Resolution

All users should upgrade trytond to the latest version.

Affected versions: <=3.8.0, <=3.6.4, <=3.4.7 and <=3.2.9

Non affected versions: >=3.8.1, >=3.6.5, >=3.4.8 and >=3.2.10

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Security Release for issue4155

Published: 2014-09-30 10:00:00+00:00 release security

Synopsis

A vulnerability in trytond has been found by duesenfranz that could allow a malicious user to execute arbitrary code on the server through the safe_eval function (see issue4155).

Impact

Any authenticated user can execute arbitrary commands on the server with the permissions of the trytond user.

Workaround

There is no workaround.

Resolution

All users should upgrade trytond to the latest version of the series in use.

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Security Release for issue3446

Published: 2013-11-04 10:00:00+00:00 release security

Synopsis

A vulnerability in tryton has been found that might allow a malicious server to send a crafted extension in answer to a report request, leading the client to write the report to any file on the client host with the rights of the user running the client (see issue3446).

Impact

Any file can be created on the client host with the access permissions of the user running the client.

Workaround

Users should connect only to trusted servers.

Resolution

All users should upgrade to the latest version of the used series.

Concern?

Any security concerns should be reported on the bug-tracker at http://bugs.tryton.org/ with the type security.