oss-sec mailing list archives
Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 05 May 2013 00:37:25 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/04/2013 04:22 PM, John Lightsey wrote:
Hi everyone, Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary code execution through a combination of file uploads with predictable locations and unsanitized use of the "guestlanguage" cookie in file paths. This problem is similar to CVE-2007-3295. References: http://www.yabbforum.com/community/YaBB.pl?num=1367511332 http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256 The vulnerability can be mitigated by setting the $enable_guestlanguage variable to 0 in the YaBB configuration or applying the patch provided in the links.
Please use CVE-2013-2057 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRhf4lAAoJEBYNRVNeJnmTL5AP/2Z2wXCLxbZzHFkcjB4Jh9Vp nC51XBu2wgI9oNccIqu0A2uqoOATW9KxedEDw3ZNXFQoc0TfFXGBIKOxH+GC+dhz mEjzbMu8KAMqtCDctLKhZntE6VXBcGdiOUiz/joJPp5taclt0ybMZbHULnsbdd9z R/UXc1y9y2XZax7RZ6Ma/p1JoOy/Z3fT0t327VZB9xATDQpyuBaYU7ULN6jkP+oJ u2wOYnegIbhWNOWPoMVn1f0fyXlIqhlPkR1mjHWiDqnTQCyoFma4V7GP/MqiE2qQ RtctRD5FvsBiZ7GFcqOmvGYdXHik9mYJYcVTZ3sfr+4gRX5YF8PAWl1C2gsyxbjj lagjMulTIC2yThFx+2tf0f/NOs7oA2mcjGDTaEffR1EP3gkpMnWLx7qfqItw0dhv tbHNOwutcgVjHiY09AukHKU+K/y47FC2QrPhLzvHYtcvdijdgn18ABpMfZC4VGPb 0Bwl2Z7TUpXiuQBDxZCCv4Jzslgor67R243ixmwzAHm6jLvYH/XJXJA7vvSErG3x LUuOiSqBmi9Wsq4ADZG+H3SR74fSw7vBNST9AVNa27cAyOmsKwDFKaebq/dQGWLN 8raZtOhOmOXhgQoTFyKC5VVGtCWcQGaj0c1dTKJ6SlBdEfwv22yE1XjYLH0D0hZh msqo2vMgLuRox2yxebpJ =JaOH -----END PGP SIGNATURE-----
Current thread:
- CVE Request: YaBB 2.5.2 and earlier arbitrary code execution John Lightsey (May 04)
- Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Kurt Seifried (May 04)