oss-sec mailing list archives

Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Jan 2013 12:11:30 -0700


On 01/08/2013 06:36 AM, WHK Yan wrote:
> The flaw is not exploitable without privileges. On some occasions
> there are forums where there are co-administrators which have
> privileges to view the error log but not to modify code or at least
> read the mysql connection.

So is a trust/security boundary crossed here? Can you please confirm
that the co-administrator (or anyone) is not supposed to be able to read
arbitrary files accessible to the web server, and that this attack
does indeed allow that? Thanks.

Removing full-disclosure () lists grok org uk from CC due to reply spam.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


