Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-32] phpBB: Remote command execution Vulnerability Scan
Vulnerability Scan Summary phpBB: Remote command execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-32
(phpBB: Remote command execution)
phpBB contains a vulnerability in the highlighting code and
several vulnerabilities in the username handling code.
Impact
An attacker can exploit the highlighting vulnerability to access
the PHP exec() function without restriction, allowing them to run
arbitrary commands with the rights of the web server user (for example
the apache user). Furthermore, the username handling vulnerability
might be abused to execute SQL statements on the phpBB database.
Workaround
There is a one-line patch which will remediate the remote
execution vulnerability.
Locate the following block of code in viewtopic.php:
    //
    // Was a highlight request part of the URI?
    //
    $highlight_match = $highlight = '';
    if (isset($HTTP_GET_VARS['highlight']))
    {
        // Split words and phrases
        $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
        for($i = 0; $i < sizeof($words); $i++)
        {
Replace with the following:
    //
    // Was a highlight request part of the URI?
    //
    $highlight_match = $highlight = '';
    if (isset($HTTP_GET_VARS['highlight']))
    {
        // Split words and phrases
        $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
        for($i = 0; $i < sizeof($words); $i++)
        {
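An added example (not part of the advisory or of phpBB): a Python check that reads viewtopic.php and reports whether the highlight line still carries the extra urldecode() call that the workaround removes. The function name, the verdict strings and the two sample snippets are assumptions made for this illustration.

```python
import re
import sys

# The statement the advisory's workaround edits: $words = explode(...);
WORDS_STMT = re.compile(r"\$words\s*=\s*explode\s*\((?P<args>.*)\)\s*;")
HIGHLIGHT = re.compile(r"\$HTTP_GET_VARS\s*\[\s*['\"]highlight['\"]\s*\]")
# rawurldecode() is matched too, since it would decode the value again as well.
DECODE_CALL = re.compile(r"\b(?:raw)?urldecode\s*\(", re.IGNORECASE)

# Constructed samples: the 'before' and 'after' lines from the workaround.
UNPATCHED_SAMPLE = """if (isset($HTTP_GET_VARS['highlight']))
{
    $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
"""
PATCHED_SAMPLE = """if (isset($HTTP_GET_VARS['highlight']))
{
    $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
"""


def classify_viewtopic(source):
    """Return 'unpatched', 'patched' or 'not-found' for the text of viewtopic.php."""
    verdict = "not-found"
    for raw in source.splitlines():
        line = raw.strip()
        # Skip commented-out code, e.g. an old line kept next to the fix.
        if line.startswith(("//", "#", "*", "/*")):
            continue
        match = WORDS_STMT.search(line)
        if not match or not HIGHLIGHT.search(match.group("args")):
            continue
        if DECODE_CALL.search(match.group("args")):
            return "unpatched"  # one live vulnerable statement is enough
        verdict = "patched"
    return verdict


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_viewtopic.py /path/to/viewtopic.php
        with open(sys.argv[1], encoding="latin-1") as fh:
            result = classify_viewtopic(fh.read())
        print(sys.argv[1] + ": " + result)
        sys.exit(1 if result == "unpatched" else 0)
    print("before:", classify_viewtopic(UNPATCHED_SAMPLE))
    print("after: ", classify_viewtopic(PATCHED_SAMPLE))
```

A "patched" verdict covers only the highlighting workaround; the username handling issues are addressed by the upgrade given under Solution.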
References:
http://www.phpbb.com/phpBB/viewtopic.php?t=240513
Solution:
All phpBB users should upgrade to the latest version to fix all
known vulnerabilities:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpbb-2.0.11"
Threat Level: High