ports/66150: [PATCH] SECURITY UPDATE ports/www/phpbb for IP spoofing vulnerablity

Xin LI delphij at frontfree.net
Sat May 1 10:57:22 PDT 2004

Also, I hope the attached patch, which mitigates session table exhaustion
which could be used in a DDoS attack after the above patch to get its
way into phpbb/files so it will be automatically patched.

I suggest to add the following item to be added into vuxml:

  <vuln vid=(A newly generated UUID?)>
    <topic>phpBB ession table exhaustion</topic>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The includes/sessions.php unnecessarily adds session item into
	session table and therefore vulnerable to a DDoS attacK.</p>
	<mlist msgid="20040421011055.GA1448 at frontfree.net">

Xin LI <delphij frontfree net>	http://www.delphij.net/
See complete headers for GPG key and other information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-vuxml/attachments/20040502/e6d82802/attachment.bin

More information about the freebsd-vuxml mailing list