|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200507-03] phpBB: Arbitrary command execution Vulnerability Scan
Vulnerability Scan Summary
phpBB: Arbitrary command execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200507-03
(phpBB: Arbitrary command execution)
Ron van Daal discovered that phpBB contains a vulnerability in the
highlighting code.
Impact
Successful exploitation would grant a possible hacker unrestricted
access to the PHP exec() or system() functions, allowing the execution
of arbitrary commands with the rights of the web server.
Workaround
Please follow the instructions given in the phpBB announcement.
References:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011
Solution:
The phpBB package is no longer supported by Gentoo Linux and has
been removed from the Portage repository, no further announcements will
be issued regarding phpBB updates. Users who wish to continue using
phpBB are advised to monitor and refer to www.phpbb.com for more
information.
To continue using the Gentoo-provided phpBB
package, please refer to the Portage documentation on unmasking
packages and upgrade to 2.0.16.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
