Date: Sat, 04 May 2013 17:22:36 -0500 From: John Lightsey <john@...nuts.net> To: oss-security@...ts.openwall.com Subject: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Hi everyone, Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary code execution through a combination of file uploads with predictable locations and unsanitized use of the "guestlanguage" cookie in file paths. This problem is similar to CVE-2007-3295. References: http://www.yabbforum.com/community/YaBB.pl?num=1367511332 http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256 The vulnerability can be mitigated by setting the $enable_guestlanguage variable to 0 in the YaBB configuration or applying the patch provided in the links. Download attachment "signature.asc" of type "application/pgp-signature" (901 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.