AZ Bulletin Board Directory Traversal Vulnerability

Bugtraq ID:	13278
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2005 12:00AM
Updated:	Apr 20 2005 12:00AM
Credit:	James Bercegay is credited with the discovery of this issue.
Vulnerable:	AZ Bulletin Board AZbb 1.0.7 c AZ Bulletin Board AZbb 1.0.7 b AZ Bulletin Board AZbb 1.0.7 a
Not Vulnerable:	AZ Bulletin Board AZbb 1.0.8

AZ Bulletin Board Directory Traversal Vulnerability

A remote directory traversal vulnerability affects AZ Bulletin Board. This issue is due to a failure of the application to sanitize user-supplied data prior to using it to access the host computer's file system.

An attacker may leverage this issue to delete arbitrary files on an affected computer with the privileges of the hosting Web server.

AZ Bulletin Board Directory Traversal Vulnerability

No exploit is required to leverage this issue.

AZ Bulletin Board Directory Traversal Vulnerability

Solution:
The vendor has released an upgrade dealing with this issue.


AZ Bulletin Board AZbb 1.0.7 a

• AZ Bulletin Board AZBB 1.0.08
  http://azbb.cyaccess.com/azbb.php?1091872271

AZ Bulletin Board AZbb 1.0.7 b

• AZ Bulletin Board AZBB 1.0.08
  http://azbb.cyaccess.com/azbb.php?1091872271

AZ Bulletin Board AZbb 1.0.7 c

• AZ Bulletin Board AZBB 1.0.08
  http://azbb.cyaccess.com/azbb.php?1091872271

AZ Bulletin Board Directory Traversal Vulnerability

References:

• AZbb Change Log (AZ Bulletin Board)
  
• AZbb Home Page (AZ Bulletin Board)
  
• Multiple Security Issues Found In AZBB ("GulfTech Security Research" )