EXEC exploit in phpBB - fix
From: Paul S. Owen (paul0x01_at_starstreak.net)
Date: 11/18/04
- Previous message: Conectiva Updates: "[CLA-2004:890] Conectiva Security Announcement - libxml2"
- Next in thread: Ron Brinker: "RE: EXEC exploit in phpBB - fix"
- Reply: Ron Brinker: "RE: EXEC exploit in phpBB - fix"
To: <bugtraq@securityfocus.com>
Date: Thu, 18 Nov 2004 12:33:45 -0000

Following additional information supplied to us by a party other than
"howdark.com" we can confirm the existence of a serious exploit in phpBB, in
all versions below 2.0.11.

We will not post concept of proof information given the seriousness of this
issue. Unfortunately howdark.com group have chosen to as a personal vendetta
against phpbb.com.

We are preparing full, changed files and patch based releases which fix this
issue (and several other bugs/issues). While we are testing this we urge all
phpBB users to implement the fix given in the following announcement at
phpbb.com:

http://www.phpbb.com/phpBB/viewtopic.php?t=240513

Please spread this information far and wide, all hosting providers if
possible please inform your users. Anyone copying the howdark.com exploit
_please_ ensure you also include details of the fix noted in the above post!

PS: Thanks to the bugtraq moderators for moderating out a previous post of
mine, ta muchly for that :)