Detections
Analytics

GLSA-200503-02 : phpBB: Multiple vulnerabilities

medium Nessus Plugin ID 17249

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200503-02 (phpBB: Multiple vulnerabilities)

 It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the 'Enable remote avatars' and 'Enable avatar uploading' options are set (CAN-2005-0259).
 He also found out that incorrect input validation in 'usercp_avatar.php' and 'usercp_register.php' makes phpBB vulnerable to directory traversal attacks, if the 'Gallery avatars' setting is enabled (CAN-2005-0258).
 Impact :

 Remote attackers can exploit the session handling flaw to gain phpBB administrator rights. By providing a local and a remote location for an avatar and setting the 'Upload Avatar from a URL:' field to point to the target file, a malicious local user can read arbitrary local files. By inserting '/../' sequences into the 'avatarselect' parameter, a remote attacker can exploit the directory traversal vulnerability to delete arbitrary files. A flaw in the 'viewtopic.php' script can be exploited to expose the full path of PHP scripts.
 Workaround :

 There is no known workaround at this time.

Solution

All phpBB users should upgrade to the latest available version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.13'

See Also

https://www.phpbb.com/community/viewtopic.php?f=14&t=267563

https://security.gentoo.org/glsa/200503-02

Plugin Details

Severity: Medium

ID: 17249

File Name: gentoo_GLSA-200503-02.nasl

Version: 1.20

Type: local

Published: 3/2/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:phpbb, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/1/2005

Reference Information

CVE: CVE-2005-0258, CVE-2005-0259

BID: 12618, 12621, 12623, 12678

GLSA: 200503-02