Major BBS Forum Op Arbitrary File Retrieval

1993-01-01T00:00:00
ID OSVDB:7760
Type osvdb
Reporter OSVDB
Modified 1993-01-01T00:00:00

Description

Vulnerability Description

Major BBS contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a designated Forum Op attaches an arbitrary file to his forum; the contents of that file are then disclosed, resulting in a loss of confidentiality.

Technical Description

This vulnerability requires an attacker to have Forum Op access, which must be granted by the System Operator.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: restrict access to Forum Op privileges.

Manual Testing Notes

As a Forum Op, attach an arbitrary file (such as c:\bbsv6\bbsusr.dat) and then download it.

References:

Vendor URL: http://www.gcomm.com/