YaBB Forum Profile CRLF Injection Remote Privilege Escalation Vulnerability

TITLE: YaBB Forum Profile CRLF Injection Remote Privilege Escalation Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 07:29PM
CREDIT: Peter Vreugdenhil is credited with the discovery of this vulnerability.
VULNERABLE:

YaBB YaBB 2.1
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

YaBB Forum is prone to a remote privilege-escalation vulnerability because the application fails to properly sanitize user-supplied input before writing it to a configuration file.

Successfully exploiting this issue allows remote attackers to gain administrative privileges in the web application and to execute arbitrary Perl script code in the context of the hosting webserver. This may facilitate the remote compromise of affected computers.

YaBB Forum 2.1 is vulnerable to this issue; other versions may also be affected.
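A defensive sketch of the flaw class described above, as an added example that is not YaBB's code: values bound for a line-oriented profile file are rejected if they contain CR, LF or other control characters, and an audit helper flags stored records in which a key is repeated. The `key=value` file format, the field names and the function names are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical flat-file profile format: one "key=value" record per line.
# This is a constructed stand-in, not YaBB's actual member file layout.
my %USER_EDITABLE = map { $_ => 1 } qw(realname email signature);

# Reject any value that could end the current line and start a new record.
sub clean_field {
    my ($key, $value) = @_;
    die "field '$key' is not user-editable\n" unless $USER_EDITABLE{$key};
    die "field '$key' contains a line break or control character\n"
        if $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Serialize validated, allow-listed user fields first, then append the
# server-controlled fields that a profile request must never set.
sub serialize_profile {
    my ($submitted, $server_side) = @_;
    my @lines;
    for my $key (sort keys %$submitted) {
        push @lines, "$key=" . clean_field($key, $submitted->{$key});
    }
    push @lines, "$_=$server_side->{$_}" for sort keys %$server_side;
    return join("\n", @lines) . "\n";
}

# Audit helper: list keys that occur more than once in a stored record,
# which is what an unsanitized line break in a value leaves behind.
sub duplicate_keys {
    my ($text) = @_;
    my %seen;
    $seen{ (split /=/, $_, 2)[0] }++ for grep { length } split /\r?\n|\r/, $text;
    my @dups = grep { $seen{$_} > 1 } sort keys %seen;
    return @dups;
}

# Constructed sample input: the second value carries an embedded CRLF.
my %server = (position => 'member');
for my $name ("Alice", "Alice\r\nposition=admin") {
    my $out = eval { serialize_profile({ realname => $name }, \%server) };
    print defined $out ? "accepted:\n$out" : "rejected: $@";
}

# Constructed record as an auditor might find it after an unchecked write.
my $stored = "realname=Alice\r\nposition=admin\nposition=member\n";
print "duplicate keys: ", join(",", duplicate_keys($stored)), "\n";
```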

Exploit

Attackers can use a browser to exploit this issue.

Solution

The vendor has released a fix for this issue. Please see the references for more information.


YaBB YaBB 2.1

References
