Found security expliot in port phpBB 2.0.8 FreeBSD4.10

Peter C. Lai sirmoo at cowbert.net
Mon Dec 27 18:06:22 PST 2004


This was added to vuxml on dec 22 but the vulnerability was discovered on
nov. 18.

On Mon, Dec 27, 2004 at 03:36:42PM -0700, estover at nativenerds.com wrote:
> I think, there is a neat exploit in the phpbb2.0.8 because I found my home
> page defaced one dark morning. The patch for phpBB is here.
> http://www.phpbb.com/downloads.php
> 
> The excerpt of the log is attached.
> 
> I believe the link to the described exploit is here.
> http://secunia.com/advisories/13239
> 
> The defacement braggen page is here filter to show the exploited FreeBSD
> machines that aneurysm.inc has defaced 
> http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/



More information about the freebsd-security mailing list