phpBB Avatar Select Arbitrary File Deletion

2005-02-21T07:34:02
ID OSVDB:14041
Type osvdb
Reporter AnthraX101()
Modified 2005-02-21T07:34:02

Description

Vulnerability Description

phpBB contains a flaw that may allow a malicious user to delete arbitrary files. The issue is triggered when a combination of flaws related to avatar selection in usercp_register.php are used to access the unlink() function. Due to the script not properly sanitizing traversal style attacks (/../), an attacker can select any file on the system to be deleted.

Solution Description

Upgrade to version 2.0.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpBB contains a flaw that may allow a malicious user to delete arbitrary files. The issue is triggered when a combination of flaws related to avatar selection in usercp_register.php are used to access the unlink() function. Due to the script not properly sanitizing traversal style attacks (/../), an attacker can select any file on the system to be deleted.

References:

Vendor URL: http://www.phpbb.com/ Security Tracker: 1013262 Secunia Advisory ID:14445 Secunia Advisory ID:14362 Related OSVDB ID: 14042 Related OSVDB ID: 14038 Related OSVDB ID: 14039 Related OSVDB ID: 14040 Other Advisory URL: http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities Other Advisory URL: http://www.phpbb.com/phpBB/viewtopic.php?t=265423 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200503-02.xml CVE-2005-0258