phpBB Attachment Mod mod_mime Arbitrary File Upload

2004-12-15T00:00:00
ID OSVDB:12333
Type osvdb
Reporter Jeremy Bae (swbae@stgsecurity.com)
Modified 2004-12-15T00:00:00

Description

Vulnerability Description

phpBB Attachment Mod contains a flaw that may allow a malicious user to execute arbitrary code under the web server account. The issue is triggered when an attacker is able to upload a file with a double extension (e.g., file.php.rar): the attachment filter accepts the name because its final extension is not a PHP extension, yet the web server still treats the file as PHP. The flaw may therefore allow arbitrary code execution, resulting in a loss of integrity.

Technical Description

The Apache mod_mime module evaluates every dotted extension in a filename, not only the last one, so a name such as file.php.rar still matches a handler registered for .php (for example via AddHandler or AddType) and is executed as PHP. An attachment filter that inspects only the final extension therefore accepts the upload, and the web server then runs the code it contains.
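The following added example (not part of the OSVDB record or of phpBB Attachment Mod) models why mod_mime resolves file.php.rar to the PHP handler and contrasts the weak "last extension only" upload check with one that rejects a blocked extension anywhere in the name. The handler table and the blocked-extension list are constructed for the example.

```python
from typing import Optional

# Constructed stand-in for an "AddHandler php-script .php" style Apache
# configuration: extension -> handler. mod_mime walks every extension in
# the name, so the position of ".php" does not matter.
HANDLERS = {"php": "php-script", "cgi": "cgi-script"}

# Constructed list of extensions a user-supplied attachment must never
# carry anywhere in its name.
BLOCKED_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "cgi", "pl"}


def mod_mime_handler(filename: str) -> Optional[str]:
    """Approximate mod_mime's lookup: the handler comes from *any* dotted
    extension, not only the last one, so 'file.php.rar' -> 'php-script'."""
    extensions = filename.lower().split(".")[1:]  # drop the base name
    for ext in extensions:
        if ext in HANDLERS:
            return HANDLERS[ext]
    return None


def last_extension_only_check(filename: str) -> bool:
    """The weak check: trusts only the final extension, so a double
    extension such as 'file.php.rar' is accepted."""
    return filename.lower().rsplit(".", 1)[-1] not in BLOCKED_EXTENSIONS


def safe_attachment_name(filename: str) -> bool:
    """Hardened check: reject the name if any dotted component after the
    base name is a blocked extension, if it carries path separators, or
    if it is a dotfile such as '.htaccess'."""
    if not filename or "/" in filename or "\\" in filename:
        return False
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False
    return not any(p in BLOCKED_EXTENSIONS for p in parts[1:])


if __name__ == "__main__":
    for name in ("archive.rar", "file.php.rar"):
        print(name, mod_mime_handler(name),
              last_extension_only_check(name), safe_attachment_name(name))
```

On the server side the complementary fix is to bind the PHP handler only to names that end in .php (a FilesMatch block anchored with `\.php$` and SetHandler, rather than AddHandler) and to serve uploads from a directory where script execution is disabled.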

Solution Description

Upgrade to version 2.3.11 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Secunia Advisory ID: 13421
Related OSVDB ID: 12332
Other Advisory URL: http://www.opentools.de/board/viewtopic.php?t=3590
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=110321557806215&w=2
ISS X-Force ID: 18438
CVE: CVE-2004-1404
Bugtraq ID: 11893