oss-sec mailing list archives

Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 05 May 2013 00:37:25 -0600

On 05/04/2013 04:22 PM, John Lightsey wrote:
> Hi everyone,
>
> Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary
> code execution through a combination of file uploads with
> predictable locations and unsanitized use of the "guestlanguage"
> cookie in file paths.
>
> This problem is similar to CVE-2007-3295.
>
> References:
>
> http://www.yabbforum.com/community/YaBB.pl?num=1367511332
>
> http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256
>
> The vulnerability can be mitigated by setting the
> $enable_guestlanguage variable to 0 in the YaBB configuration or
> applying the patch provided in the links.

Please use CVE-2013-2057 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


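The defensive pattern for a cookie value that ends up in a file path, as an added example that is not part of the original message and is not the YaBB patch referenced above. The function name, the directory layout, the allowed character set and the cookie values are all constructed for illustration; only the on/off switch mirrors the `$enable_guestlanguage` mitigation.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not YaBB code): pick the language directory for a
# guest from a cookie value without letting the cookie shape the path.
sub select_language {
    my ($cookie_value, $lang_root, $default, $guest_enabled) = @_;

    # Mirrors the mitigation in the message: with the feature switched
    # off, the cookie is never consulted.
    return $default unless $guest_enabled;
    return $default unless defined $cookie_value;

    # Syntactic check: a bare name only. \A and \z anchor the whole string,
    # so a trailing newline or an embedded NUL cannot slip past as with $.
    return $default unless $cookie_value =~ /\A[A-Za-z0-9_]{1,32}\z/;

    # Allow-list check: the name must equal one of the language
    # directories actually installed under $lang_root.
    opendir(my $dh, $lang_root) or return $default;
    my %installed = map { $_ => 1 }
        grep { !/\A\.\.?\z/ && -d "$lang_root/$_" } readdir $dh;
    closedir $dh;

    return $installed{$cookie_value} ? $cookie_value : $default;
}

# Constructed layout: two language directories in a temporary directory.
my $root = tempdir(CLEANUP => 1);
for my $name (qw(English Danish)) {
    mkdir("$root/$name") or die "mkdir $name: $!";
}

# Constructed cookie values: [value, feature enabled, expected result].
my @cases = (
    [ 'Danish',            1, 'Danish'  ],   # installed language
    [ 'Klingon',           1, 'English' ],   # well-formed but not installed
    [ '../../other/dir',   1, 'English' ],   # path separators rejected
    [ "Danish\0.txt",      1, 'English' ],   # embedded NUL rejected
    [ "Danish\n",          1, 'English' ],   # trailing newline rejected
    [ 'Danish',            0, 'English' ],   # feature disabled
);

for my $c (@cases) {
    my ($value, $enabled, $expected) = @$c;
    my $got = select_language($value, $root, 'English', $enabled);
    (my $shown = $value) =~ s/([\0\n])/sprintf('\\x%02x', ord $1)/ge;
    printf "%-20s enabled=%d -> %-8s %s\n", $shown, $enabled, $got,
        $got eq $expected ? 'ok' : 'UNEXPECTED';
}
```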