Detections
Analytics

GLSA-200507-03 : phpBB: Arbitrary command execution

high Nessus Plugin ID 18607

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200507-03 (phpBB: Arbitrary command execution)

 Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code.
 Impact :

 Successful exploitation would grant an attacker unrestricted access to the PHP exec() or system() functions, allowing the execution of arbitrary commands with the rights of the web server.
 Workaround :

 Please follow the instructions given in the phpBB announcement.

Solution

The phpBB package is no longer supported by Gentoo Linux and has been masked in the Portage repository, no further announcements will be issued regarding phpBB updates. Users who wish to continue using phpBB are advised to monitor and refer to www.phpbb.com for more information.
 To continue using the Gentoo-provided phpBB package, please refer to the Portage documentation on unmasking packages and upgrade to 2.0.16.

See Also

https://www.phpbb.com/community/viewtopic.php?f=14&t=302011

https://security.gentoo.org/glsa/200507-03

Plugin Details

Severity: High

ID: 18607

File Name: gentoo_GLSA-200507-03.nasl

Version: 1.20

Type: local

Published: 7/5/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:gentoo:linux, p-cpe:/a:gentoo:linux:phpbb

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/4/2005

Vulnerability Publication Date: 7/5/2005

Exploitable With

CANVAS (CANVAS)

Metasploit (phpBB viewtopic.php Arbitrary Code Execution)

Elliot (Phpbb RCE)

Reference Information

CVE: CVE-2005-2086

GLSA: 200507-03