Debian Security Advisory DSA 2752-1 (phpbb3 - Permissions Too Wide) Network Vulnerability

Summary

Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 3.0.7-PL1-4+squeeze1. For the stable distribution (wheezy), this problem has been fixed in version 3.0.10-4+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 3.0.11-4. We recommend that you upgrade your phpbb3 packages.

Insight

phpBB is a high powered, fully scalable, and highly customizable bulletin board, with a user-friendly interface, simple and straightforward administration panel, and helpful FAQ.

Affected

phpbb3 on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2013/dsa-2752.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5724
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 2752-1 (phpbb3 - permissions too wide)

Take action and discover your vulnerabilities