FUDforum: Bug Reports » Critical error in fudforum?

Home » FUDforum Development » Bug Reports » Critical error in fudforum?

Show: Today's Messages :: Polls :: Message Navigator

Critical error in fudforum? [message #26822]

Tue, 16 August 2005 09:10

icarus

Messages: 52
Registered: May 2005

Karma:

Member

Hi!

I just searched the web for popular sites that use fud when I found the following: http://secunia.com/advisories/16414/

Zitat:

Alexander Heidenreich has discovered a vulnerability in FUDforum, which can be exploited by malicious people to bypass certain security restrictions.

Input passed to the "mid" parameter isn't properly validated before being used to retrieve a forum post. This can be exploited to view messages that are posted in private forums.

Successful exploitation requires that the "Tree View" feature is enabled.

The vulnerability has been confirmed in version 2.6.15. Other versions may also be affected.

Under http://packetstorm.linuxsecurity.com/0508-exploits/fudForum.txt you can find a patch for this bug.

Secunia declares this bug as: "Solution Status: Unpatched"

Bye!

Michael

Report message to a moderator

[Message index]

		Critical error in fudforum? By: icarus on Tue, 16 August 2005 09:10
		Re: Critical error in fudforum? By: Ilia on Tue, 16 August 2005 13:10
		Re: Critical error in fudforum? By: AutoHost on Mon, 22 August 2005 15:25
		Re: Critical error in fudforum? By: Ilia on Mon, 22 August 2005 16:14
		Re: Critical error in fudforum? By: AutoHost on Mon, 22 August 2005 19:23

Previous Topic:	Problem with pruning topics
Next Topic:	V2.7.0RC1 - parse error trying to create forum data dump

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Sep 19 16:35:45 GMT 2024

Total time taken to generate the page: 0.04029 seconds