Gentoo: 200306-15 Severe: phpBB SQL Injection Remote Threat

gentoo

July 1, 2003

QL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-15


quote from cve:
"SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and 
earlier allows remote attackers to steal password hashes via the 
topic_id parameter."

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/phpbb upgrade to phpbb-2.0.5 as follows

emerge sync
emerge phpbb
emerge clean

aliz@gentoo.org - GnuPG key is available at   
robbat2@gentoo.org

Topics Covered

security advisory gentoo remote exploit sql injection phpbb severe risk

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity

critical

Lowest

Low

Medium

High

Critical

PACKAGE : phpbb

SUMMARY : sql injection

DATE : 2003-06-28 20:22 UTC

EXPLOIT : remote

VERSIONS AFFECTED : =phpbb-2.0.5

CVE : CAN-2003-0486

Topics Covered

security advisory gentoo remote exploit sql injection phpbb severe risk

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks