drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von beliebigem SQL-Code in phpbb
Name: |
Ausführen von beliebigem SQL-Code in phpbb
|
|
ID: |
200306-15 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 29. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
phpBB |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-15 --------------------------------------------------------------------
PACKAGE : phpbb SUMMARY : sql injection DATE : 2003-06-28 20:22 UTC EXPLOIT : remote VERSIONS AFFECTED : <phpbb-2.0.5 FIXED VERSION : >=phpbb-2.0.5 CVE : CAN-2003-0486
--------------------------------------------------------------------
quote from cve: "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter."
SOLUTION
It is recommended that all Gentoo Linux users who are running net-www/phpbb upgrade to phpbb-2.0.5 as follows
emerge sync emerge phpbb emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz robbat2@gentoo.org -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+/fjyfT7nyhUpoZMRAq+RAJ4r4fijIo8hJaEJq/p0DIgeRoAobQCeJBQr to/2NXfPD4yTEGDjhd+B4EQ= =Ybzs -----END PGP SIGNATURE-----
|
|
|
|