Gentoo Security Advisory GLSA 200507-03 (phpBB)

2008-09-2400:00:00

plugins.openvas.org

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.8%

JSON

The remote host is missing updates announced in
advisory GLSA 200507-03.

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.54979");
  script_version("2023-07-19T05:05:15+0000");
  script_cve_id("CVE-2005-2086");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Gentoo Security Advisory GLSA 200507-03 (phpBB)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_tag(name:"insight", value:"A vulnerability in phpBB allows a remote attacker to execute arbitrary
commands with the rights of the web server.");
  script_tag(name:"solution", value:"The phpBB package is no longer supported by Gentoo Linux and has been
removed from the Portage repository, no further announcements will be
issued regarding phpBB updates. Users who wish to continue using phpBB are
advised to monitor and refer to the vendor homepage linked in the references for more information.

To continue using the Gentoo-provided phpBB package, please refer to the
Portage documentation on unmasking packages and upgrade to 2.0.16.");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200507-03");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=97278");
  script_xref(name:"URL", value:"http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200507-03.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");

res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"www-apps/phpBB", unaffected: make_list("ge 2.0.16"), vulnerable: make_list("lt 2.0.16"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}