Unclassified NewsBoard abbc.conf.php file include

unclassified-abbcconf-file-include (26507) The risk level is classified as MediumMedium Risk

Description:

Unclassified NewsBoard could allow a remote attacker to include arbitrary files. If register_globals is enabled and magic_quotes_gpc is disabled, a remote attacker could send a specially-crafted URL request to the abbc.conf.php script using the ABBC parameter to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information or execute arbitrary code on the vulnerable Web server.

Note: In order to exploit this vulnerability to execute arbitrary code, the attacker would first be required to upload a malicious file or inject arbitrary commands into an existing file.

Platforms Affected:

  • NewsBoard, Unclassified NewsBoard 1.6.1patch1

Remedy:

Upgrade to the latest version of Unclassified NewsBoard (1.62 or later), as listed in UN[CLASSIFIED] NEWSBOARD Forum, 2006-05-11, 18:12. See References.

Consequences:

Gain Access

References:

  • BugTraq Mailing List, Thu May 11 2006 - 01:14:36 CDT, Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion at http://archives.neohapsis.com/archives/bugtraq/2006-05/0213.html.
  • UN[CLASSIFIED] NEWSBOARD Forum, 2006-05-11, 18:12, New development version fixes security issue at http://newsboard.unclassified.de/forum/post/6499.
  • BID-17947: Unclassified NewsBoard ABBC.CSS.PHP Local File Include Vulnerability
  • CVE-2006-2405: Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
  • OSVDB ID: 25494: Unclassified NewsBoard unb_lib/abbc.css.php Multiple Variable Local File Inclusion
  • SA20090: Unclassified NewsBoard "ABBC[Config][smileset]" Local File Inclusion
  • VUPEN/ADV-2006-1782: Unclassified NewsBoard ABBC[Config][smileset] File Inclusion Vulnerability

Reported:

May 11, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page