Bug 320977 (CVE-2010-1627) - <www-apps/phpBB-3.0.7_p1: Multiple vulnerabilities (CVE-2010-{1627,1630})
Status: RESOLVED FIXED
Alias: CVE-2010-1627
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://www.phpbb.com/community/viewto...
Whiteboard: ~4 [noglsa]
Reported: 2010-05-21 22:44 UTC by Stefan Behte (RETIRED)
Modified: 2010-08-21 10:51 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-05-21 22:44:49 UTC
CVE-2010-1627 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1627):
  feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check
  permissions for feeds, which allows remote attackers to bypass
  intended access restrictions via unspecified attack vectors related
  to permission settings on a private forum.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-05-21 22:55:23 UTC
CVE-2010-1630 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1630):
  Unspecified vulnerability in posting.php in phpBB before 3.0.5 has
  unknown impact and attack vectors related to the use of a "forum id"
  in circumstances related to a "global announcement."

Comment 2 Steffen Schaumburg 2010-08-20 14:05:15 UTC
You can find updated ebuilds in bug #272311
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-21 10:51:09 UTC
+*phpBB-3.0.7_p1 (21 Aug 2010)
+
+  21 Aug 2010; Alex Legler <a3li@gentoo.org> -phpBB-3.0.4.ebuild,
+  +phpBB-3.0.7_p1.ebuild:
+  Non-maintainer commit: Version bump for security bug 320977. Also closes
+  bump request 272311, thanks to all the people there who submitted ebuilds.
+  Removing vulnerable ebuild.
+
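
Review bot: The entry lists only -phpBB-3.0.4.ebuild and says "Removing vulnerable ebuild" in the singular, while the bug covers every version below 3.0.7_p1. Confirm that no other pre-3.0.7_p1 ebuild remains in the package directory, and consider naming CVE-2010-1627 and CVE-2010-1630 in the entry so the fix can be found by CVE id as well as by bug number.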

Closing noglsa.