Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>: Bug#388120; Package phpbb2.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>.
(full text, mbox, link).
Package: phpbb2
Severity: important
Tags: security
A vulnerability has been found in phpBB:
phpBB 2.0.21 does not properly handle pathnames ending in %00, which
allows remote authenticated administrative users to upload arbitrary
files, as demonstrated by a query to admin/admin_board.php with an
avatar_path parameter ending in .php%00.
Information forwarded to debian-bugs-dist@lists.debian.org, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>: Bug#388120; Package phpbb2.
(full text, mbox, link).
Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>.
(full text, mbox, link).
On Mon, 2006-09-18 at 20:00 +0200, Stefan Fritsch wrote:
> phpBB 2.0.21 does not properly handle pathnames ending in %00, which
> allows remote authenticated administrative users to upload arbitrary
> files, as demonstrated by a query to admin/admin_board.php with an
> avatar_path parameter ending in .php%00.
Thank you for your report. Since it requires an authenticated admin and
the possible action is just a minor elevation of existing abilities, I
don't think it's critical enough to warrant an update in stable.
We will address it in the next regular upload of the package.
Thijs
To: control@bugs.debian.org, 388120-submitter@bugs.debian.org
Subject: phpBB bugs fixed in revision r308
Date: Sun, 01 Oct 2006 13:21:43 +0200
# Fixed in r308 by kink
tag 388120 + pending
thanks
These bugs are fixed in revision 308 by kink
Log message:
* Medium urgency upload for low-risk, but still, security bugs.
* CVE-2006-4758: patch admin/admin_board.php for file upload
vulnerability by administrator (Closes: #388120).
Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.
(full text, mbox, link).
Source: phpbb2
Source-Version: 2.0.21-4
We believe that the bug you reported is fixed in the latest version of
phpbb2, which is due to be installed in the Debian FTP archive:
phpbb2-conf-mysql_2.0.21-4_all.deb
to pool/main/p/phpbb2/phpbb2-conf-mysql_2.0.21-4_all.deb
phpbb2-languages_2.0.21-4_all.deb
to pool/main/p/phpbb2/phpbb2-languages_2.0.21-4_all.deb
phpbb2_2.0.21-4.diff.gz
to pool/main/p/phpbb2/phpbb2_2.0.21-4.diff.gz
phpbb2_2.0.21-4.dsc
to pool/main/p/phpbb2/phpbb2_2.0.21-4.dsc
phpbb2_2.0.21-4_all.deb
to pool/main/p/phpbb2/phpbb2_2.0.21-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 388120@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated phpbb2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 1 Oct 2006 13:12:40 +0200
Source: phpbb2
Binary: phpbb2-languages phpbb2-conf-mysql phpbb2
Architecture: source all
Version: 2.0.21-4
Distribution: unstable
Urgency: medium
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
phpbb2 - A fully featured and skinnable flat (non-threaded) webforum
phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database
phpbb2-languages - phpBB2 additional languages
Closes: 388120
Changes:
phpbb2 (2.0.21-4) unstable; urgency=medium
.
* Medium urgency upload for low-risk, but still, security bug.
* CVE-2006-4758: patch admin/admin_board.php for file upload
vulnerability by administrator (Closes: #388120).
* Add XS-Vcs-Svn-Url header.
Files:
2f14885d433e809bf60c56701689c1f4 761 web optional phpbb2_2.0.21-4.dsc
51f270db29dbda9d837cd42df36a3759 84416 web optional phpbb2_2.0.21-4.diff.gz
7acbee8891ddfe24e473fd69d8e79077 546448 web optional phpbb2_2.0.21-4_all.deb
bf4d3106dd0e8ee0d2bb64670c454290 52216 web extra phpbb2-conf-mysql_2.0.21-4_all.deb
da299a112a026e15a585eeac2ee8c328 2725956 web optional phpbb2-languages_2.0.21-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFH6nmJdKMxZV9WM8RAmKwAKCJb4JuTXjpUO2BnmJiRrYEvBKqvgCg5eJN
5VbUW3l5rYxkLbC5UB4xh4M=
=d8TL
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jun 2007 20:05:27 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.