Date: Sat, 04 May 2013 17:22:36 -0500 From: John Lightsey <john@...nuts.net> To: oss-security@...ts.openwall.com Subject: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Hi everyone, Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary code execution through a combination of file uploads with predictable locations and unsanitized use of the "guestlanguage" cookie in file paths. This problem is similar to CVE-2007-3295. References: http://www.yabbforum.com/community/YaBB.pl?num=1367511332 http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256 The vulnerability can be mitigated by setting the $enable_guestlanguage variable to 0 in the YaBB configuration or applying the patch provided in the links. Download attachment "signature.asc" of type "application/pgp-signature" (901 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.