This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200503-02
(phpBB: Multiple vulnerabilities)
It was discovered that phpBB contains a flaw in the session
handling code and a path disclosure bug. AnthraX101 discovered that
phpBB allows local users to read arbitrary files, if the 'Enable remote
avatars' and 'Enable avatar uploading' options are set (CAN-2005-0259).
He also found out that incorrect input validation in
'usercp_avatar.php' and 'usercp_register.php' makes phpBB vulnerable to
directory traversal attacks, if the 'Gallery avatars' setting is
Remote attackers can exploit the session handling flaw to gain
phpBB administrator rights. By providing a local and a remote location
for an avatar and setting the 'Upload Avatar from a URL:' field to
point to the target file, a malicious local user can read arbitrary
local files. By inserting '/../' sequences into the 'avatarselect'
parameter, a remote attacker can exploit the directory traversal
vulnerability to delete arbitrary files. A flaw in the 'viewtopic.php'
script can be exploited to expose the full path of PHP scripts.
There is no known workaround at this time.
See also :
All phpBB users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.13'
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 17249 (gentoo_GLSA-200503-02.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now