HTTP PHPBB Autologin User Level Priv Esc
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Description
This signature detects an attempt to exploit a privilege escalation vulnerability in the phpBB session.php script.
Additional Information
phpBB is an open-source Web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.
phpBB is reported prone to a privilege escalation vulnerability. The issue is reported to exist when an autologin fails. Internally the 'user_id' value is reset, but the 'user_level' value remains the same as the account that failed the autologin. This 'user_level' value is employed by the affected software to determine whether privileged functionality is rendered or not.
A remote attacker may potentially exploit this vulnerability to gain access to parts of the affected Web site that should only be visible to a Web site administrator. Although unconfirmed, it is reported that it may also be possible to leverage this vulnerability to execute administrative functionality on the affected site.
Information harvested through exploitation of this vulnerability may be employed to aid in further attacks against the affected site.
This vulnerability is reported to affect phpBB versions up to 2.0.13.
Affected:
phpBB Group phpBB 2.0 Beta 1, 2.0 RC1, 2.0 RC2, 2.0 RC3, 2.0 RC4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.6 c, 2.0.6 d, 2.0.7, 2.0.7 a, 2.0.8, 2.0.8 a, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13
Response
Workaround:
It is reported that affected users may address this vulnerability by adding $userdata['user_level'] = USER; after every $userdata['user_id'] = ANONYMOUS; in session.php. The integrity or viability of this workaround is not verified by Symantec.
Possible False Positives
There are no known false positives associated with this signature.
Additional References
|
