ikonboard Arbitrary Command Execution Vulnerability

Bugtraq ID:	2157
Class:	Input Validation Error
CVE:	CVE-2001-0076
Remote:	No
Local:	Yes
Published:	Dec 28 2000 12:00AM
Updated:	Jul 11 2009 04:46AM
Credit:	This vulnerability was announced by Gijs Hollestelle <[email protected]> on December 28, 2000.
Vulnerable:	Ikonboard.com ikonboard 2.1.7 b - BSDI BSD/OS 4.0.1 - Debian Linux 2.2 - Digital (Compaq) TRU64/DIGITAL UNIX 5.0 - FreeBSD FreeBSD 4.2 - HP HP-UX 11.11 - IBM AIX 4.3.3 - Mandriva Linux Mandrake 7.2 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - NetBSD NetBSD 1.4.3 - OpenBSD OpenBSD 2.8 - Redhat Linux 7.0 - SCO eServer 2.3 - Sun Solaris 8_sparc - SuSE Linux 7.0
Not Vulnerable:

ikonboard Arbitrary Command Execution Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

ikonboard Arbitrary Command Execution Vulnerability

Solution:
This code was sent by Gijs Hollestelle <[email protected]> and is reportedly the official vendor fix to the problem code:

From register.cgi:

@params = $query->param;
foreach $param(@params) {
$theparam = $query->param($param);
$theparam = &unHTML("$theparam");
${$param} = $theparam;
}

Replace with:

for ('inmembername','password','emailaddress',
'showemail','homepage','aolname','icqnumber','location','interests',
'signature','timedifference','useravatar','action') {
next unless defined $_;
next if $_ eq 'SEND_MAIL';
$tp = $query->param($_);
$tp = &unHTML("$tp");
${$_} = $tp;
}

ikonboard Arbitrary Command Execution Vulnerability

References: