[27619] in bugtraq
Re: Privilege Escalation Vulnerability In phpBB 2.0.0
daemon@ATHENA.MIT.EDU (x x)
Mon Oct 28 15:51:21 2002
Message-ID: <20021028193402.61953.qmail@web13208.mail.yahoo.com>
Date: Mon, 28 Oct 2002 11:34:02 -0800 (PST)
From: x x <hellokitty998877@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Hi,
> Note: phpBB versions above 2.0.0 are not vulnerable.
Note that there are a lot of modified/hacked versions
of phpbb floating around the Net, such as the
phpbbtonuke port for phpnuke. The phpbb port for
phpnuke55 and 56 uses phpbb2.0, and there is no patch
or available port upgrade.
As a workaround solution, you can restrict access to
the admin directory by using Apache htaccess basic
auth (see mod_access, mod_auth, htpasswd). Might want
to do this anyway even if you do upgrade to a more
recent phpbb package (layered security is a good
thing).
Regards,
kw
P.S. Don't bother replying to the disposable
hellokitty998877 email account. Send replies to
ken . williams at ey . com
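
A sketch of the workaround described in the message above, added here as an example and not part of the original post. It uses the Apache 1.3/2.0-era mod_auth and mod_access directives the message names; the directory path, password file location, user name and client address are assumptions to adapt.

```apache
# --- Main server config (httpd.conf) ---
# .htaccess files are ignored unless overrides are enabled for the directory.
# AuthConfig permits the Auth* / Require directives, Limit permits
# Order / Allow / Deny. The path is an assumed install location.
<Directory "/var/www/html/phpBB2/admin">
    AllowOverride AuthConfig Limit
</Directory>

# --- /var/www/html/phpBB2/admin/.htaccess ---
# Create the password file first, outside the document root so it can
# never be fetched over HTTP ("boardadmin" is a placeholder user name):
#   htpasswd -c /etc/apache/phpbb-admin.htpasswd boardadmin
# Use -c only for the first user; it overwrites an existing file.

# mod_auth: HTTP Basic authentication in front of the phpBB admin scripts.
AuthType Basic
AuthName "phpBB administration"
AuthUserFile /etc/apache/phpbb-admin.htpasswd
Require valid-user

# mod_access: additionally limit which hosts may reach the directory.
# 192.0.2.10 is a documentation address standing in for the admin's host.
Order deny,allow
Deny from all
Allow from 192.0.2.10

# Require BOTH the host check and a valid login. "Satisfy any" would let
# either one alone grant access.
Satisfy all

# Notes:
# - Basic auth sends the password base64-encoded, not encrypted, on every
#   request, so serve the admin directory over SSL/TLS where possible.
# - On Apache 2.4 the host rule is written with "Require ip 192.0.2.10"
#   inside a <RequireAll> block instead of Order/Deny/Allow.
```

With this in place a request for the admin directory is answered with 401 or 403 by Apache before any phpBB code runs, so the check does not depend on the board's own session handling.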