PHPBB Common.php IP Address Spoofing Vulnerability
BID:10170
Info
PHPBB Common.php IP Address Spoofing Vulnerability
| Bugtraq ID: | 10170 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2004 12:00AM |
| Updated: | Apr 19 2004 12:00AM |
| Credit: | Discovery is credited to Wang and the SRR project group Ready Response <[email protected]>. |
| Vulnerable: |
phpBB Group phpBB 2.0.8 a phpBB Group phpBB 2.0.8 phpBB Group phpBB 2.0.7 a phpBB Group phpBB 2.0.7 phpBB Group phpBB 2.0.6 d phpBB Group phpBB 2.0.6 c phpBB Group phpBB 2.0.6 phpBB Group phpBB 2.0.5 phpBB Group phpBB 2.0.4 phpBB Group phpBB 2.0.3 phpBB Group phpBB 2.0.2 phpBB Group phpBB 2.0.1 phpBB Group phpBB 2.0 .0 |
| Not Vulnerable: |
phpBB Group phpBB 2.0.9 |
Discussion
PHPBB Common.php IP Address Spoofing Vulnerability
It has been reported that phpBB may be prone to a vulnerability that may allow a remote attacker to spoof their IP address. As a result, an attacker would hide their identity and bypass IP restrictions enabled by an administrator.
phpBB versions 2.0.8a and prior are reported to be affected by this issue.
It has been reported that phpBB may be prone to a vulnerability that may allow a remote attacker to spoof their IP address. As a result, an attacker would hide their identity and bypass IP restrictions enabled by an administrator.
phpBB versions 2.0.8a and prior are reported to be affected by this issue.
Exploit / POC
PHPBB Common.php IP Address Spoofing Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
PHPBB Common.php IP Address Spoofing Vulnerability
Solution:
The vendor has released version 2.0.9 of phpBB that addresses this issue.
phpBB Group phpBB 2.0 .0
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.7 a
phpBB Group phpBB 2.0.8 a
phpBB Group phpBB 2.0.8
Solution:
The vendor has released version 2.0.9 of phpBB that addresses this issue.
phpBB Group phpBB 2.0 .0
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.1
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.2
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.3
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.4
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.5
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.6 c
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.6 d
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.6
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.7
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.7 a
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.8 a
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
phpBB Group phpBB 2.0.8
-
phpBB Group phpBB-2.0.9.zip
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.9.zip?download
References
PHPBB Common.php IP Address Spoofing Vulnerability
References:
References:
- phpBB Changelog (phpBB)
- phpBB Homepage (phpBB)
- phpBB 2.0.8a and lower - IP spoofing vulnerability (Ready Response
)