Found security exploit in port phpBB 2.0.8 FreeBSD4.10

Josef El-Rayes josef at FreeBSD.org
Wed Dec 29 11:32:28 PST 2004


"Peter C. Lai" <sirmoo at cowbert.net>:
> On Mon, Dec 27, 2004 at 06:18:30PM -0800, Julian Elischer wrote:
> > might be a good idea if we "urged" users to update their phpbb  a bit 
> > more vocally.
> 
> Or if someone had been vigilant enough to add a vuxml entry about it back
> in November. Waiting >30 days to update the database that portaudit uses
> is a bit longish, don't you think? The "urging" to which you refer is
> already one of the services provided by portaudit.

first of all, if you run a machine you care about, you should think
twice before installing a software which has a bad security track
as phpBB has. secondly, most of the time we do not know security
issues any earlier than they get posted to bugtraq or similar
mailing lists, so why don't you track these lists yourself?

sometimes we are quick on documenting security issues, sometimes
we are not, but instead of complaining you should help out, if
you want to improve this.

you can also give me some money as
additional motivation, so i don't need to go working but
sit at home and improve this.

greets, josef
-- 
Josef El-Rayes                   (__)
Email:	  josef at daemon.li     \\\'',) 
Web:	  http://daemon.li/     \/  \ ^
FreeBSD   Security Team         .\._/_)