LinuxQuestions.org
Old 06-30-2005, 10:22 PM   #1
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
phpBB Vulnerability


Time for your regularly scheduled phpBB vuln fix...

A vulnerability has been reported in phpBB resembling the same "highlight" vulnerability that the Santy worm used to deface servers a few months back. A new version (2.0.16) has been released to fix the vulnerability. Anyone running phpBB is strongly recommended to upgrade immediately before the next malware reincarnation starts making its rounds. See the following links for more info:

http://secunia.com/advisories/15845/
http://www.phpbb.com/phpBB/viewtopic.php?t=302011
 
Old 07-01-2005, 09:07 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Wow.. phpBB has had a lot of security issues lately. I think I won't be using their software any longer or recommending it until they can clear up and start having a better track record.
 
Old 07-02-2005, 01:32 AM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
Quote:
Originally posted by trickykid
Wow.. phpBB has had a lot of security issues lately. I think I won't be using their software any longer or recommending it until they can clear up and start having a better track record.
Yeah, I would really need to put some thought into alternatives before installing phpBB. In fact, I recently needed to install a departmental messaging board and decided to go with a static HTML page rather than a more full-featured PHP-based messaging board alternative, simply because PHP (and phpBB in particular) have had a really bad year(s) in terms of security.
 
Old 07-02-2005, 01:37 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
Well that didn't take very long...

Exploit code for the new viewtopic vuln is now available and a new worm is reportedly in the wild, though initial reports indicate that it functions similarly to the anti-Santy worm and patches vulnerable versions (along with defacing your web content of course). All phpBB users are strongly recommended to upgrade to version 2.0.16 immediately.

Last edited by Capt_Caveman; 07-02-2005 at 01:39 AM.
 
Old 08-20-2005, 01:04 PM   #5
bambeklis
Member
 
Registered: Aug 2005
Posts: 58

Rep: Reputation: 15
wow awesome!
 
Old 09-25-2005, 07:49 PM   #6
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
For Mandrake/Mandriva users remember that even in 2005LE (10.2) the Mandriva phpBB packages are in contrib so they won't be updated through Mandrake Update/urpmi. Easy to get caught out by this!

Last edited by tkedwards; 09-25-2005 at 07:51 PM.
 
Old 10-08-2005, 12:22 PM   #7
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Rep: Reputation: 30
Yup. But they have released a new version.. 2.0.17... I think it is with the bug fix...
 
  

