lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20041118123055.28647.qmail@mail.securityfocus.com>
Date: Thu, 18 Nov 2004 12:33:45 -0000
From: "Paul S. Owen" <paul0x01@...rstreak.net>
To: <bugtraq@...urityfocus.com>
Subject: EXEC exploit in phpBB - fix


Following additional information supplied to us by a party other than
"howdark.com" we can confirm the existence of a serious exploit in phpBB, in
all versions below 2.0.11.

We will not post concept of proof information given the seriousness of this
issue. Unfortunately howdark.com group have chosen to as a personal vendetta
against phpbb.com.

We are preparing full, changed files and patch based releases which fix this
issue (and several other bugs/issues). While we are testing this we urge all
phpBB users to implement the fix given in the following announcement at
phpbb.com:

http://www.phpbb.com/phpBB/viewtopic.php?t=240513

Please spread this information far and wide, all hosting providers if
possible please inform your users. Anyone copying the howdark.com exploit
_please_ ensure you also include details of the fix noted in the above post!

PS: Thanks to the bugtraq moderators for moderating out a previous post of
mine, ta muchly for that :)



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ