FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Critical error in fudforum?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Critical error in fudforum? [message #26822] Tue, 16 August 2005 09:10 Go to previous message
icarus is currently offline  icarus   Germany
Messages: 52
Registered: May 2005
Karma:
Member

Hi!

I just searched the web for popular sites that use fud when I found the following: http://secunia.com/advisories/16414/
Zitat:

Alexander Heidenreich has discovered a vulnerability in FUDforum, which can be exploited by malicious people to bypass certain security restrictions.

Input passed to the "mid" parameter isn't properly validated before being used to retrieve a forum post. This can be exploited to view messages that are posted in private forums.

Successful exploitation requires that the "Tree View" feature is enabled.

The vulnerability has been confirmed in version 2.6.15. Other versions may also be affected.


Under http://packetstorm.linuxsecurity.com/0508-exploits/fudForum.txt you can find a patch for this bug.

Secunia declares this bug as: "Solution Status: Unpatched"

Bye!

Michael
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Problem with pruning topics
Next Topic: V2.7.0RC1 - parse error trying to create forum data dump
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 06:56:20 GMT 2024

Total time taken to generate the page: 0.04819 seconds