Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <51858A2C.6090802@nixnuts.net>
Date: Sat, 04 May 2013 17:22:36 -0500
From: John Lightsey <john@...nuts.net>
To: oss-security@...ts.openwall.com
Subject: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution

Hi everyone,

Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary code
execution through a combination of file uploads with predictable
locations and unsanitized use of the "guestlanguage" cookie in file paths.

This problem is similar to CVE-2007-3295.


References:

http://www.yabbforum.com/community/YaBB.pl?num=1367511332

http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256


The vulnerability can be mitigated by setting the $enable_guestlanguage
variable to 0 in the YaBB configuration or applying the patch provided
in the links.


Download attachment "signature.asc" of type "application/pgp-signature" (901 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.