FreeBSD : phpbb -- multiple information disclosure vulnerabilities (03653079-8594-11d9-afa0-003048705d5a)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

psoTFX reports :

phpBB Group are pleased to announce the release of phpBB 2.0.12, the
'Horray for Furrywood' release. This release addresses a number of
bugs and a couple of potential exploits. [...] one of the potential
exploits addressed in this release could be serious in certain
situations, and thus we urge all users, as always, to upgrade to this
release as soon as possible. Mostly this release is concerned with
eliminating disclosures of information which, while useful in debug
situations, may allow third parties to gain information which could be
used to do harm via unknown or unfixed exploits in this or other
applications.

The ChangeLog for phpBB 2.0.12 states :

- Prevented full path display on critical messages

- Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - AnthraX101

- Added exclude list to unsetting globals (if register_globals is on) - SpoofedExistence

- Fixed arbitrary file disclosure vulnerability in avatar handling functions - AnthraX101

- Fixed arbitrary file unlink vulnerability in avatar handling functions - AnthraX101

- Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101's discovery)

- Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer

See also :

http://www.phpbb.com/support/documents.php?mode=changelog
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=265423
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=77943
http://www.nessus.org/u?8d399049

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18824 (freebsd_pkg_03653079859411d9afa0003048705d5a.nasl)

Bugtraq ID:

CVE ID:
