FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)

medium Nessus Plugin ID 22502

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Secunia reports:

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the 'avatar_path' parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing 'avatar_path' to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?238c90b8

http://www.nessus.org/u?233030c9

http://www.nessus.org/u?2c8b69f6

Plugin Details

Severity: Medium

ID: 22502

File Name: freebsd_pkg_86526ba453c811db8f1a000a48049292.nasl

Version: 1.19

Type: local

Published: 10/5/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpbb, p-cpe:/a:freebsd:freebsd:zh-phpbb-tw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 10/4/2006

Vulnerability Publication Date: 9/12/2006

Reference Information

CVE: CVE-2006-4758

BID: 20347

Secunia: 22188