Public bug reported:

Binary package hint: phpbb2

References:
DSA-1488-1 (http://www.debian.org/security/2008/dsa-1488)

Quoting:
"Several remote vulnerabilities have been discovered in phpBB, a web
based bulletin board.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-0471

        Private messaging allowed cross site request forgery, making
        it possible to delete all private messages of a user by sending
        them to a crafted web page.

CVE-2006-6841 / CVE-2006-6508

        Cross site request forgery enabled an attacker to perform various
        actions on behalf of a logged in user. (Applies to sarge only)

CVE-2006-6840

        A negative start parameter could allow an attacker to create
        invalid output. (Applies to sarge only)

CVE-2006-6839

        Redirection targets were not fully checked, leaving room for
        unauthorised external redirections via a phpBB forum.
        (Applies to sarge only)

CVE-2006-4758

        An authenticated forum administrator may upload files of any
        type by using specially crafted filenames. (Applies to sarge only)

For the stable distribution (etch), these problems have been fixed
in version 2.0.21-7.

For the old stable distribution (sarge), these problems have been
fixed in version 2.0.13+1-6sarge4.

For the unstable distribution (sid) these problems have been fixed
in version 2.0.22-3."

** Affects: phpbb2 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4758

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6839

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6840

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6508

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6841

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0471

-- 
[phpbb2] several remote vulnerabilities
https://bugs.launchpad.net/bugs/191201
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
