phpBB avatar allows security bypass
|phpbb-avatar-bypass-security (22837)||High Risk|
phpBB is vulnerable to a security bypass. A remote attacker could create a specially-crafted avatar or image file containing a malicious script that could bypass the image security checks. A remote attacker could exploit this vulnerability to obtain sensitive information or execute arbitrary script on the victim's system.
Note:vBulletin as well as PunBB have been found to be vulnerable to this image upload handling error also.
Update to the latest version of phpBB (2.0.18 or later), available from the phpBB Web site. See References.
Update to the latest version of vBulletin (3.5.1, 3.0.10, or 2.3.8 or later), or apply patch as indicated in update information in the vBulletin 3.5.1 release. See References.
Update to the latest version of PunBB (1.2.10 or later) available from the PunBB Download site. See References.
- Full-Disclosure Mailing List, Sat Oct 22 2005 - 09:42:48 CDT: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit..
- phpBB Web site: phpBB:: Creating Communities.
- PunBB Downloads: PunBB.
- vBulletin: vBulletin 3.5.1, 3.0.10 & 2.3.8 Released.
- vBulletin Web site: Introducing vBulletin.
- BID-15170: phpBB Avatar Upload HTML Injection Vulnerability
- BID-15296: vBulletin Image Upload HTML Injection Vulnerability
- BID-15322: PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
- CVE-2005-3310: Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
- DSA-925: phpbb2 -- several vulnerabilities
- SA17295: phpBB Avatar Script Insertion Vulnerability
- Debian Debian Linux 3.1
- Jelsoft Enterprises vBulletin 2.3.4 - 2.3.7
- Jelsoft Enterprises vBulletin 3.0.6 - 3.0.9
- Jelsoft Enterprises vBulletin 3.5.0
- phpBB phpBB 2.0.17
- PunBB PunBB prior to 1.2.10
Oct 22, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this