[PLDSA 8-1] New phpBB packages fix execution of arbitrary code via network

Krzysiek Taraszka dzimi at pld.org.pl
Sat Jan 4 18:52:55 CET 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 8-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
04 January 2003                       http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : phpBB-2.0.3-4
Vulnerability  : Execution of arbitrary code via network
Problem-Type   : remote
PLD-specific   : no

An input validation vulnerability was reported in the Advanced Quick Reply
hack for the phpBB forum. A remote user can execute shell commands on the
server.
It is reported that a remote user can cause remotely located PHP scripts to
be executed on the target server because of a flaw in specifying the target
directory for the '$phpbb_root_path' variable.
To exploit this, the user must create malicious PHP code on an arbitrary
remote server (a server that the remote user controls or has access to).
Then, the remote user can send a specially crafted URL to the target web
server to cause the target web server to execute the malicious PHP code.
The code will be executed with the privileges of the web server process.

The above problems have been fixed in version 2.0.3-5 for the
current stable distribution (ra).

A second vulnerability was also found. A remote user can access the target
user's cookies (including authentication cookies), if any, associated
with the site running phpBB2, access data recently submitted by the
target user via web form to the site, or take actions on the site acting
as the target user.

No solution was available at the time of this entry.

PLD Security Team suggests that you disable the ability to post messages
containing HTML and require users to use BBCode instead.

We recommend that you upgrade your phpBB packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using "poldek" - the package manager, use the lines given below
to upgrade the packages

poldek --update
        will update the internal database
poldek --upgrade 'phpBB*'
        will install corrected packages

If you are using "apt" - the package manager, use the lines given below
to upgrade the packages

apt-get update
        will update the internal database
apt-get upgrade 'phpBB*'
        will install corrected packages
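As an added example that is not part of the advisory: a POSIX shell script that fetches a package with wget -c as above and verifies it against the MD5 checksum the advisory publishes for that file before handing it to rpm -Uhv. The i386 phpBB URL and checksum are the advisory's own; the function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not PLD's code): check a downloaded package against the
# MD5 checksum listed in the advisory before upgrading with it.

# verify_md5 FILE EXPECTED: returns 0 when FILE's MD5 equals EXPECTED,
# 1 when the file is missing or the checksum differs.
verify_md5() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# fetch_and_upgrade URL EXPECTED: wget -c the package (as in the advisory),
# verify it, and only then run rpm -Uhv. DRY_RUN=1 prints the rpm command
# instead of executing it (assumed switch for this example).
fetch_and_upgrade() {
    url="$1"
    expected="$2"
    file=$(basename "$url")
    wget -c "$url" || return 1
    verify_md5 "$file" "$expected" || return 1
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "rpm -Uhv $file"
    else
        rpm -Uhv "$file"
    fi
}

# i386 tree entry, copied from the advisory's package list.
PHPBB_URL=ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/phpBB-2.0.3-5.noarch.rpm
PHPBB_MD5=0f6f41eebb4e95e320844877becc91d3

# Only fetch when invoked as "script.sh run", so sourcing the file is safe.
if [ "${1:-}" = "run" ]; then
    fetch_and_upgrade "$PHPBB_URL" "$PHPBB_MD5"
fi
```

Matching the MD5 confirms the download is the file the advisory published; where the package is signed, rpm --checksig on the file is the additional check to run.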

PLD Linux 1.0 alias ra
----------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/phpBB-2.0.3-5.src.rpm
       MD5 checksum: 06e3dfcf7fb9467831fb5ca964a596a0

  Noarch components (in i386 tree):

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/phpBB-2.0.3-5.noarch.rpm
       MD5 checksum: 0f6f41eebb4e95e320844877becc91d3

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/phpBB-install-2.0.3-5.noarch.rpm
       MD5 checksum: 1cf428ebbcbf60d86ecc1e9aa9835387


  Noarch components (in i586 tree):

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/phpBB-2.0.3-5.noarch.rpm
       MD5 checksum: e1ec2b717a5192e50f6f913633704f3c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/phpBB-install-2.0.3-5.noarch.rpm
       MD5 checksum: 2648098c6b0c4752b4bbb381163e62fc


  Noarch components (in i686 tree):

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/phpBB-2.0.3-5.noarch.rpm
       MD5 checksum: 26dead08e953dcece19a9f250fb2a666

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/phpBB-install-2.0.3-5.noarch.rpm
       MD5 checksum: 291797cc993524e7c0813eb032a0fc4a


  Noarch components (in ppc tree):

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/phpBB-2.0.3-5.noarch.rpm
       MD5 checksum: 0bd15a2b85082f3461647293c520dc29

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/phpBB-install-2.0.3-5.noarch.rpm
       MD5 checksum: 02bbb287ac28c41053e3af8b6db5475e


--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security


