oss-sec mailing list archives

CVE Request: YaBB 2.5.2 and earlier arbitrary code execution

From: John Lightsey <john () nixnuts net>
Date: Sat, 04 May 2013 17:22:36 -0500

Hi everyone,

Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary code
execution through a combination of file uploads with predictable
locations and unsanitized use of the "guestlanguage" cookie in file paths.

This problem is similar to CVE-2007-3295.


References:

http://www.yabbforum.com/community/YaBB.pl?num=1367511332

http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256


The vulnerability can be mitigated by setting the $enable_guestlanguage
variable to 0 in the YaBB configuration or applying the patch provided
in the links.

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE Request: YaBB 2.5.2 and earlier arbitrary code execution John Lightsey (May 04)
- Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Kurt Seifried (May 04)