Secunia Logo
Netsikker nu! 2008
 
Debian update for phpbb2
Secunia Advisory: SA18098
Release Date: 2005-12-22
Popularity: 6,662 views

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Manipulation of data
System access
Where: From remote
Solution Status: Vendor Patch

OS:Debian GNU/Linux 3.1
Debian GNU/Linux unstable alias sid

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537


Description:
Debian has issued an update for phpbb2. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.

For more information:
SA17295
SA17366

Solution:
Apply updated packages.

-- Debian GNU/Linux 3.1 alias sarge --

Source archives:

http://security.debian.org/pool/updat.../p/phpbb2/phpbb2_2.0.13+1-6sarge2.dsc
Size/MD5 checksum: 783 84a0dab5af965cf6ff418c2b2383a9ee
http://security.debian.org/pool/updat...hpbb2/phpbb2_2.0.13+1-6sarge2.diff.gz
Size/MD5 checksum: 64580 e644237009e5eff92b86f21a5f6f4cbe
http://security.debian.org/pool/updat.../p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
Size/MD5 checksum: 3340445 678d0cb0372e46402a472c510fb90d78

Architecture independent components:

http://security.debian.org/pool/updat...bb2-conf-mysql_2.0.13-6sarge2_all.deb
Size/MD5 checksum: 37474 4cbfd2fe1e336214a3defddeff55ce65
http://security.debian.org/pool/updat...pbb2-languages_2.0.13-6sarge2_all.deb
Size/MD5 checksum: 2873096 f71e21b77d9f5bffa076a25d6687b4c2
http://security.debian.org/pool/updat.../phpbb2/phpbb2_2.0.13-6sarge2_all.deb
Size/MD5 checksum: 525514 f88101af29bf00db9a8fdb264e35d891

-- Debian GNU/Linux unstable alias sid --

Fixed in version 2.0.18-1.

Original Advisory:
http://www.debian.org/security/2005/dsa-925

Other References:
SA17295:
http://secunia.com/advisories/17295/

SA17366:
http://secunia.com/advisories/17366/


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

7th Oct, 2008
New advisories: 19
New vulnerabilities: 68
Updated advisories: 62

Moderately // 389 views
Debian update for php5
Moderately // 313 views
Atarone CMS Multiple Vulnerabilities
Moderately // 341 views
Debian update for squid
Less // 337 views
SUSE update for mercurial
Moderately // 385 views
SUSE update for openssh
Less // 314 views
Fedora update for mediawiki

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. ArticleBeach Script "page" File Inclusion Vulnerability // 76 views
2. phpBB "url" bbcode Script Insertion Vulnerability // 70 views
3. phpBB BBcode "url" Script Insertion Vulnerability // 63 views
4. phpBB Two Security Bypass Vulnerabilities // 45 views
5. Juniper Products Neighbor Discovery Protocol Neighbor Solicitation Vulnerability // 31 views
6. Debian update for php5 // 28 views
7. MetaGauge Directory Traversal Vulnerability // 27 views
8. Debian update for squid // 26 views
9. HP-UX NFS/ONCplus Denial of Service Vulnerability // 25 views
10. SUSE update for dovecot and graphicsmagic // 24 views