Invision Power Board Profile Updating Access Validation Vulnerability
TITLE: Invision Power Board Profile Updating Access Validation Vulnerability
CLASS: Access Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 05:29AM
CREDIT: iMMENSE is credited with the discovery of this vulnerability.
VULNERABLE:
Invision Power Services Invision Power Board 2.2.2
Invision Power Services Invision Power Board 2.2.1
Invision Power Services Invision Power Board 2.2
NOT VULNERABLE:
Discussion
Invision Power Board is prone to an access-validation vulnerability.
An attacker can exploit this issue to change another user's instant messenger identity. This may lead to other attacks.
This issue affects Invision Power Board 2.2.0 to 2.2.2.
Exploit
Attackers can use a browser to exploit this issue.
Solution
The vendor released a patch to address this issue. Please see the references for more information.
Invision Power Services Invision Power Board 2.2
- Invision Power Services ipb22x_11_june_07.zip
http://forums.invisionpower.com/index.php?s=1f1e3bc9bcd3cb834ef74e5d956d6138&act=attach&type=post&id=11699
Invision Power Services Invision Power Board 2.2.1
- Invision Power Services ipb22x_11_june_07.zip
http://forums.invisionpower.com/index.php?s=1f1e3bc9bcd3cb834ef74e5d956d6138&act=attach&type=post&id=11699
Invision Power Services Invision Power Board 2.2.2
- Invision Power Services ipb22x_11_june_07.zip
http://forums.invisionpower.com/index.php?s=1f1e3bc9bcd3cb834ef74e5d956d6138&act=attach&type=post&id=11699
References
- Invision Power Board Homepage (Invision Power Services)
- Invision Power Board Security Update 2.2.x (Invision Power Services)