GLSA-200503-02 : phpBB: Multiple vulnerabilities

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200503-02
(phpBB: Multiple vulnerabilities)

It was discovered that phpBB contains a flaw in the session
handling code and a path disclosure bug. AnthraX101 discovered that
phpBB allows local users to read arbitrary files, if the 'Enable remote
avatars' and 'Enable avatar uploading' options are set (CAN-2005-0259).
He also found out that incorrect input validation in
'usercp_avatar.php' and 'usercp_register.php' makes phpBB vulnerable to
directory traversal attacks, if the 'Gallery avatars' setting is
enabled (CAN-2005-0258).

Impact :

Remote attackers can exploit the session handling flaw to gain
phpBB administrator rights. By providing a local and a remote location
for an avatar and setting the 'Upload Avatar from a URL:' field to
point to the target file, a malicious local user can read arbitrary
local files. By inserting '/../' sequences into the 'avatarselect'
parameter, a remote attacker can exploit the directory traversal
vulnerability to delete arbitrary files. A flaw in the 'viewtopic.php'
script can be exploited to expose the full path of PHP scripts.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All phpBB users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.13'

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 17249 (gentoo_GLSA-200503-02.nasl)

Bugtraq ID: 12618

CVE ID: CVE-2005-0258
