FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » FUDforum Development » Bug Reports » Critical error in fudforum?
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Critical error in fudforum? [message #26822] Tue, 16 August 2005 09:10 Go to next message
icarus is currently offline  icarus   Germany
Messages: 52
Registered: May 2005
Karma: 0
Member
Hi!

I just searched the web for popular sites that use fud when I found the following: http://secunia.com/advisories/16414/
Zitat:

Alexander Heidenreich has discovered a vulnerability in FUDforum, which can be exploited by malicious people to bypass certain security restrictions.

Input passed to the "mid" parameter isn't properly validated before being used to retrieve a forum post. This can be exploited to view messages that are posted in private forums.

Successful exploitation requires that the "Tree View" feature is enabled.

The vulnerability has been confirmed in version 2.6.15. Other versions may also be affected.


Under http://packetstorm.linuxsecurity.com/0508-exploits/fudForum.txt you can find a patch for this bug.

Secunia declares this bug as: "Solution Status: Unpatched"

Bye!

Michael

Report message to a moderator

Re: Critical error in fudforum? [message #26823 is a reply to message #26822] Tue, 16 August 2005 13:10 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
They are wrong, the patch posted in the report was taken directly out of FUDforum CVS and 2.7.0RC1 has the problem fixed.

FUDforum Core Developer

Report message to a moderator

Re: Critical error in fudforum? [message #26940 is a reply to message #26823] Mon, 22 August 2005 15:25 Go to previous messageGo to next message
AutoHost is currently offline  AutoHost   United States
Messages: 99
Registered: October 2002
Karma: 0
Member
Ilia,

Can you tell me if the following is correct, to patch this?

FudForum v2.3.5
tree.php.t
lines 111-122

        FROM
                {SQL_TABLE_PREFIX}msg
                LEFT JOIN {SQL_TABLE_PREFIX}users
                        ON {SQL_TABLE_PREFIX}msg.poster_id={SQL_TABLE_PREFIX}users.id
                LEFT JOIN {SQL_TABLE_PREFIX}avatar
                        ON {SQL_TABLE_PREFIX}users.avatar={SQL_TABLE_PREFIX}avatar.id
                INNER JOIN {SQL_TABLE_PREFIX}thread
                        ON {SQL_TABLE_PREFIX}msg.thread_id={SQL_TABLE_PREFIX}thread.id
                LEFT JOIN {SQL_TABLE_PREFIX}level
                        ON {SQL_TABLE_PREFIX}users.level_id={SQL_TABLE_PREFIX}level.id
        WHERE
                {SQL_TABLE_PREFIX}msg.id=".$mid." AND {SQL_TABLE_PREFIX}msg.approved='Y'");


replaced by

        FROM
                {SQL_TABLE_PREFIX}msg
                LEFT JOIN {SQL_TABLE_PREFIX}users
                        ON {SQL_TABLE_PREFIX}msg.poster_id={SQL_TABLE_PREFIX}users.id
                LEFT JOIN {SQL_TABLE_PREFIX}avatar
                        ON {SQL_TABLE_PREFIX}users.avatar={SQL_TABLE_PREFIX}avatar.id
                INNER JOIN {SQL_TABLE_PREFIX}thread
                        ON {SQL_TABLE_PREFIX}msg.thread_id={SQL_TABLE_PREFIX}thread.id
                LEFT JOIN {SQL_TABLE_PREFIX}level
                        ON {SQL_TABLE_PREFIX}users.level_id={SQL_TABLE_PREFIX}level.id
        WHERE
                {SQL_TABLE_PREFIX}msg.id=".$mid." AND {SQL_TABLE_PREFIX}msg.approved='Y' AND
                        SQL_TABLE_PREFIX}msg.thread_id=".$th"");

Report message to a moderator

Re: Critical error in fudforum? [message #26941 is a reply to message #26940] Mon, 22 August 2005 16:14 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Almost, it should be:

{SQL_TABLE_PREFIX}msg.id=".$mid." AND {SQL_TABLE_PREFIX}msg.approved='Y' AND
{SQL_TABLE_PREFIX}msg.thread_id=".$th);

FUDforum Core Developer

Report message to a moderator

Re: Critical error in fudforum? [message #26942 is a reply to message #26941] Mon, 22 August 2005 19:23 Go to previous message
AutoHost is currently offline  AutoHost   United States
Messages: 99
Registered: October 2002
Karma: 0
Member
Thank you.

Btw, I wanted to say that this is the only FudForum security problem I've seen mentioned in the security lists I've been on for several years.

Several other forum's software I see mentioned quite a bit.

Keep up the good work.

Ron Miller
Stars! AutoHost

Report message to a moderator

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Problem with pruning topics
Next Topic: V2.7.0RC1 - parse error trying to create forum data dump
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Sep 08 04:48:08 GMT 2024

Total time taken to generate the page: 0.05149 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software