Executive Summary

Summary
Title: New phpbb2 packages fix several vulnerabilities

Information
Name: DSA-925
First vendor Publication: 2005-12-22
Vendor: Debian
Last vendor Modification: 2005-12-22
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-3310

Multiple interpretation errors allow remote authenticated users to inject arbitrary web script when remote avatars and avatar uploading are enabled.

CVE-2005-3415

phpBB allows remote attackers to bypass protection mechanisms that deregister global variables, which allows attackers to manipulate the behaviour of phpBB.

CVE-2005-3416

phpBB allows remote attackers to bypass security checks when register_globals is enabled and the session_start function has not been called to handle a session.

CVE-2005-3417

phpBB allows remote attackers to modify global variables and bypass security mechanisms.

CVE-2005-3418

Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web scripts.

CVE-2005-3419

An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.

CVE-2005-3420

phpBB allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter.

CVE-2005-3536

Missing input sanitising of the topic type allows remote attackers to inject arbitrary SQL commands.

CVE-2005-3537

Missing request validation permitted remote attackers to edit private messages of other users.

The old stable distribution (woody) does not contain phpbb2 packages.

For the stable distribution (sarge) these problems have been fixed in version 2.0.13+1-6sarge2.

For the unstable distribution (sid) these problems have been fixed in version 2.0.18-1.

We recommend that you upgrade your phpbb2 packages.

Original Source

Url : http://www.debian.org/security/2005/dsa-925

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-33 HTTP Request Smuggling
CAPEC-105 HTTP Request Splitting
CAPEC-273 HTTP Response Smuggling

CPE : Common Platform Enumeration

Type Description Count
Application 27

OpenVAS Exploits

Date Description
2008-09-04 Name : FreeBSD Ports: phpbb, zh-phpbb-tw
File : nvt/freebsd_phpbb9.nasl
2008-01-17 Name : Debian Security Advisory DSA 925-1 (phpbb2)
File : nvt/deb_925_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
22271 phpBB Unspecified Arbitrary Private Message Modification

22270 phpBB topic type SQL Injection

phpBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'topic type'. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
20414 phpBB register_long_array register_globals Bypass

phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The issue is triggered when the 'register_long_array' option is turned off making PHP not able to verify user-supplied input to the HTTP_* variables. It is possible that the flaw may result in cross site scripting and SQL injection attacks due to the lack of the register_globals function being honored.
20413 phpBB Crafted HTTP_SESSION_VARS Variable register_globals Bypass

phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The flaw exists because the application starts not knowing the values of the $_SESSION or $HTTP_SESSION_VARS variables. It is possible a user can supply arbitrary values to these variables which will cause the register_globals setting to be ignored, allowing for cross-site scripting or SQL injection attacks.
20391 phpBB usercp_register.php signature_bbcode_uid Variable Arbitrary PHP Code Ex...

phpBB contains a flaw that allows remote code execution. This flaw exists because the application does not validate the 'signature_bbcode_uid' variable upon submission to the 'usercp_register.php' script. This could allow a user to execute remote code, leading to a loss of integrity.
20390 phpBB usercp_register.php signature_bbcode_uid Parameter SQL Injection

phpBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'usercp_register.php' script not properly sanitizing user-supplied input to the 'signature_bbcode_uid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
20389 phpBB search.php list_cat Parameter XSS

phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list_cat' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
20388 phpBB login.php forward_page Parameter XSS

phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forward_page' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
20387 phpBB usercp_register.php error_msg Parameter XSS

phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'error_msg' variables upon submission to the 'usercp_register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
20386 phpBB GPC Variable Set register_globals Bypass

phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code. The issue is triggered due to an error where global variables defined by the user are not properly unset. It is possible that the flaw may allow cross site scripting and SQL injection attacks, and/or execution of arbitrary PHP code resulting in a loss of integrity.
20248 Microsoft IE Embedded Content Processing XSS

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-925.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-958.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_28c9243a72ed11da8c1d000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2005-11-02 Name : The remote web server contains a PHP application that is affected by multiple...
File : phpbb_2_0_17.nasl - Type : ACT_ATTACK

Alert History

Date Information
2014-02-17 11:34:45
  • Multiple Updates