PhpBB Security Vulnerability

mqudsi

Mostly Harmless
Staff member
#1
Our research team has discovered a new (aka 0-day) vulnerability in phpBB, that affects all existing versions (including the Olympus CVS as of May 18th, 2006). :tongueout:oint:

As usual, a security bulletin has been put out, and NeoSmart Technologies urges all phpBB users to take advantage of the workaround guidelines provided in the document.

This phpBB security vulnerability has been scaled at a threat level of 6/10; allowing normal members access to privileged and restricted-access content on a phpBB forum. The bug lies in the email notification system and can be used to track comments made on any hidden posts that were once user accessible.

Earlier we brought up the possibility of the same infection in Invision Power Board, but we are pleased to have given IPB 2.1.6 a clean bill of health on this issue. Our security research team is currently analyzing the code-base of vBulletin, and we will update this post with the pertinent information once the team is done; and should it be vulnerable another security bulletin will most certainly follow.

Download: Security Vulnerablity S05180601 (PDF - 356 KB)
Support: Workaround Help
 

mqudsi

Mostly Harmless
Staff member
#2
We have submitted this issue to the phpBB developers and filed a security report there as well.
 

mqudsi

Mostly Harmless
Staff member
#3
Just a quick update:
vBulletin 3.5.x has also been thoroughly tested and traced, and no sign of this vulnerability was found: vBulletin is also secure. phpBB alone is affected by this bug.