BleepingComputer.com: phpBB "highlight" PHP Code Execution Vulnerability

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

phpBB "highlight" PHP Code Execution Vulnerability

#1 User is offline   River_Rat 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 773
  • Joined: 04-October 04
  • Gender:Male
  • Location:SW Oklahoma - USA

Posted 28 June 2005 - 08:34 AM

Release Date: 2005-06-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: phpBB 2.x

Quote

Description:
A vulnerability has been reported in phpBB, which potentially can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "highlight" parameter in "viewtopic.php" is not properly sanitised before being used in a "preg_replace()" call. This may be exploited to inject arbitrary PHP code.

The vulnerability has been reported in version 2.0.15. Prior versions may also be affected.

Solution:
Update to version 2.0.16.
http://www.phpbb.com/downloads.php


http://secunia.com/advisories/15845/

#2 User is offline   lucent 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 172
  • Joined: 06-January 05
  • Gender:Male

Posted 28 June 2005 - 08:47 AM

thanks for the heads up River_Rat :thumbsup: :flowers:
Posted Image
Special thanks to efizzer for the signature

#3 User is offline   River_Rat 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 773
  • Joined: 04-October 04
  • Gender:Male
  • Location:SW Oklahoma - USA

Posted 29 June 2005 - 10:17 AM

lucent, on Jun 28 2005, 08:47 AM, said:

thanks for the heads up River_Rat :thumbsup:  :flowers:

YW
Trying to stay informed.

#4 User is offline   River_Rat 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 773
  • Joined: 04-October 04
  • Gender:Male
  • Location:SW Oklahoma - USA

Posted 29 June 2005 - 10:27 AM

Update

Quote

Secunia Advisory: SA15845   
Release Date: 2005-06-28
Last Update: 2005-06-29


Critical: Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: phpBB 2.x


Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.


Description:
Ron van Daal has reported a vulnerability in phpBB, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "highlight" parameter in "viewtopic.php" is not properly sanitised before being used in a "preg_replace()" call with the "e" modifier. This can be exploited to inject arbitrary PHP code.

NOTE: This is related to an older vulnerability incorrectly fixed in version 2.0.11.

The vulnerability has been reported in version 2.0.15 and prior.

Solution:
Update to version 2.0.16.
http://www.phpbb.com/downloads.php

Provided and/or discovered by: Ron van Daal

Changelog:
2005-06-28: Updated advisory.
2005-06-29: Ron van Daal released details. Updated "Description" section.

Original Advisory:
http://www.phpbb.com/phpBB/viewtopic.php?t=302011




Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.


http://secunia.com/advisories/15845/

#5 User is offline   lucent 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 172
  • Joined: 06-January 05
  • Gender:Male

Posted 29 June 2005 - 07:21 PM

Thanks again, on the same day I recieved a message from the guys at phpBB. They have released an update for it, was this a planned update? or was it patched in record time with little regard to other insecurities? I don't mean to sound like I am bagging them I love using their software it is brilliant, I am, as always just curious.
Posted Image
Special thanks to efizzer for the signature

#6 User is offline   River_Rat 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 773
  • Joined: 04-October 04
  • Gender:Male
  • Location:SW Oklahoma - USA

Posted 30 June 2005 - 09:12 AM

lucent, on Jun 29 2005, 07:21 PM, said:

Thanks again, on the same day I recieved a message from the guys at phpBB. They have released an update for it, was this a planned update? or was it patched in record time with little regard to other insecurities? I don't mean to sound like I am bagging them I love using their software it is brilliant, I am, as always just curious.

Yes this appears to be very good and popular software. I don't personally use it only because I have no need. One can only speculate if this was a planned update or they had discovered the security breach and used this update to fix it and other flaws. If I receive any information I will gladly keep you informed. :thumbsup:

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users