PHPBB Multiple Remote Path Disclosure Vulnerabilities
BID:12618
Info
PHPBB Multiple Remote Path Disclosure Vulnerabilities
| Bugtraq ID: | 12618 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Feb 21 2005 12:00AM |
| Credit: | AnthraX101, SpoofedExistence, and matrix_killer are credited with the discovery of some of these issues. Other issues were reported by the vendor. |
| Vulnerable: |
phpBB Group phpBB 2.0.11 phpBB Group phpBB 2.0.10 phpBB Group phpBB 2.0.9 phpBB Group phpBB 2.0.8 a phpBB Group phpBB 2.0.8 phpBB Group phpBB 2.0.7 a phpBB Group phpBB 2.0.7 phpBB Group phpBB 2.0.6 d phpBB Group phpBB 2.0.6 c phpBB Group phpBB 2.0.6 phpBB Group phpBB 2.0.5 phpBB Group phpBB 2.0.4 phpBB Group phpBB 2.0.3 phpBB Group phpBB 2.0.2 phpBB Group phpBB 2.0.1 phpBB Group phpBB 2.0 .0 phpBB Group phpBB 2.0 RC4 phpBB Group phpBB 2.0 RC3 phpBB Group phpBB 2.0 RC2 phpBB Group phpBB 2.0 RC1 phpBB Group phpBB 2.0 Beta 1 Gentoo Linux |
| Not Vulnerable: |
phpBB Group phpBB 2.0.12 |
Discussion
PHPBB Multiple Remote Path Disclosure Vulnerabilities
phpBB is affected by multiple remote vulnerabilities.
The vendor has released phpBB 2.0.12 to address multiple path disclosure vulnerabilities affecting prior versions. These issues can allow an attacker to disclose sensitive data that may be used to launch further attacks against a vulnerable computer.
Due to a lack of details, further information is not available at the moment. It is possible that some of these issues were previously identified in other BIDS. This is not confirmed at the moment. This BID will be updated when more information becomes available.
phpBB is affected by multiple remote vulnerabilities.
The vendor has released phpBB 2.0.12 to address multiple path disclosure vulnerabilities affecting prior versions. These issues can allow an attacker to disclose sensitive data that may be used to launch further attacks against a vulnerable computer.
Due to a lack of details, further information is not available at the moment. It is possible that some of these issues were previously identified in other BIDS. This is not confirmed at the moment. This BID will be updated when more information becomes available.
Exploit / POC
PHPBB Multiple Remote Path Disclosure Vulnerabilities
An exploit is not required to leverage these issues.
An exploit is not required to leverage these issues.
Solution / Fix
PHPBB Multiple Remote Path Disclosure Vulnerabilities
Solution:
The vendor has released phpBB 2.0.12 to address these issues.
Gentoo has released advisory GLSA 200503-02 to address various issues in phpBB. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.13"
phpBB Group phpBB 2.0 RC1
phpBB Group phpBB 2.0 RC3
phpBB Group phpBB 2.0 RC4
phpBB Group phpBB 2.0 Beta 1
phpBB Group phpBB 2.0 RC2
phpBB Group phpBB 2.0 .0
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0.10
phpBB Group phpBB 2.0.11
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.7 a
phpBB Group phpBB 2.0.8 a
phpBB Group phpBB 2.0.8
phpBB Group phpBB 2.0.9
Solution:
The vendor has released phpBB 2.0.12 to address these issues.
Gentoo has released advisory GLSA 200503-02 to address various issues in phpBB. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.13"
phpBB Group phpBB 2.0 RC1
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0 RC3
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0 RC4
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0 Beta 1
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0 RC2
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0 .0
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.1
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.10
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.11
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.2
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.3
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.4
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.5
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.6
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.6 c
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.6 d
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.7
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.7 a
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.8 a
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.8
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.9
-
phpBB Group phpBB 2.0.12
http://www.phpbb.com/downloads.php
References
PHPBB Multiple Remote Path Disclosure Vulnerabilities
References:
References: