Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 11 Oct 2010 15:28:51 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: usebb before 1.0.11 unauthorized
 access to content


----- "Hanno Böck" <hanno@...eck.de> wrote:

> http://www.usebb.net/community/topic.php?id=2501
> 
> A security issue has been discovered in UseBB 1.0.10 with per forum and
> topic RSS feeds in combination with restricted forum access permissions,
> giving users access to post contents that should remain hidden. Anyone
> having a restricted "read" permission set but NOT an equal or more
> restricted "view" one is prone to this issue.
> 

Here is a slightly better description here:
http://www.usebb.net/community/topic-2495.html

Please use CVE-2010-3713 for this.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ