search menu icon-carat-right cmu-wordmark

CERT Coordination Center

phpBB vulnerable to file disclosure

Vulnerability Note VU#774686

Original Release Date: 2005-02-25 | Last Revised: 2005-03-17

Overview

The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data.

Description

phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These files may be located on a remote server or on a filesystem. However, a local file upload path using the default, temporary remote server name can cause the remote phpBB server to interpret a file local to the server as the avatar file. This file will then be made available to theuser for download or viewing.

Impact

If the remote avatar and remote avatar uploading functions are enabled (which are disabled by default), a remote, authenticated attacker who is allowed to specify remote avatars may be able to access arbitrary files on the phpBB server with the permissions of the web server.

Solution

Apply an update

phpBB versions 2.0.12 and later do not contain this flaw. The phpBB web page contains additional information and downloads.


As a workaround, administrators may disable remote avatars and remote avatar uploading. These features are disabled by default.

Vendor Information

774686
 
Affected   Unknown   Unaffected

PHPBB

Updated:  February 24, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The phpBB web page contains additional information and downloads.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to AnthraX101 for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-0259
Severity Metric: 3.75
Date Public: 2005-02-22
Date First Published: 2005-02-25
Date Last Updated: 2005-03-17 13:58 UTC
Document Revision: 10

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.