Your message dated Fri, 11 Feb 2005 21:20:48 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#294690: CAN-2005-0300: Directory traversal in JSBoard
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Fri, 11 Feb 2005 06:22:26 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0300: Directory traversal in JSBoard

Package: jsboard
Version: 2.0.10-2
Severity: grave
Tags: sarge sid security patch

Please fix the directory traversal vulnerability.

http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2

Details
=======
PHP has a feature discarding the input values containing null characters
when magic_quotes_gpc = off. Because JSBoard session.php doesn't sanitize
$table variable, a malicious attacker can read arbitrary files.

---
include_once "include/print.php";
parse_query_str();
$opt = $table ? "&table=$table" : "";
$opts = $table ? "?table=$table" : "";
...snip...
---

This is CAN-2005-0300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0300

Reference: BUGTRAQ:20050120 STG Security Advisory: [SSA-20050120-22] JSBoard 
file disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
Reference: BID:12319
Reference: URL:http://www.securityfocus.com/bid/12319
Reference: XF:jsboard-session-file-include(18990)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18990

Regards,

        Joey

-- 
The good thing about standards is that there are so many to choose from.
                -- Andrew S. Tanenbaum

Please always Cc to me when replying to me on the lists.
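
One way to validate the `table` request parameter before it is used to build any file path, shown as an added example: it is not part of the original report and is neither JSBoard's code nor its actual fix. The helper names `safe_table_name` and `resolve_table_path`, and the layout of one directory per table under a data root, are assumptions.

```php
<?php
// Added example: hypothetical helpers, not JSBoard code.
// Assumption: each table maps to a directory directly under a data root.

function safe_table_name($raw)
{
    // Reject non-strings (table[]=x arrives as an array) and NUL bytes,
    // which older PHP versions passed on to C file functions, ending the path early.
    if (!is_string($raw) || strpos($raw, "\0") !== false) {
        return null;
    }
    // Allowlist, anchored with \A and \z ($ would accept a trailing newline).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw)) {
        return null;
    }
    return $raw;
}

function resolve_table_path($dataRoot, $raw)
{
    $name = safe_table_name($raw);
    if ($name === null) {
        return null;
    }
    $root = realpath($dataRoot);
    $path = realpath($dataRoot . DIRECTORY_SEPARATOR . $name);
    if ($root === false || $path === false) {
        return null; // root or table directory does not exist
    }
    // Defence in depth: the canonical path must stay under the data root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample inputs, run against a throwaway directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'jsb_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'notice', 0700, true);
$samples = array('notice', '../outside', "notice\0.php", 'missing', array('x'));
foreach ($samples as $s) {
    $ok = resolve_table_path($root, $s) !== null;
    echo json_encode($s), ' => ', $ok ? 'accepted' : 'rejected', "\n";
}
rmdir($root . DIRECTORY_SEPARATOR . 'notice');
rmdir($root);
```

Only the first sample is accepted; the traversal string, the NUL-bearing value, the nonexistent table and the array are all rejected before a path is ever opened.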

---------------------------------------
Date: Fri, 11 Feb 2005 21:20:48 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: Joey Hess <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#294690: CAN-2005-0300: Directory traversal in JSBoard

Joey Hess wrote:
> > http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
> > 
> > Details
> > =======
> > PHP has a feature discarding the input values containing null characters
> > when magic_quotes_gpc = off. Because JSBoard session.php doesn't sanitize
> > $table variable, a malicious attacker can read arbitrary files.
> > 
> > ---
> > include_once "include/print.php";
> > parse_query_str();
> > $opt = $table ? "&table=$table" : "";
> > $opts = $table ? "?table=$table" : "";
> > ...snip...
> > ---
> > 
> > This is CAN-2005-0300
> > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0300
> > 
> > Reference: BUGTRAQ:20050120 STG Security Advisory: [SSA-20050120-22] 
> > JSBoard file disclosure
> > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
> > Reference: BID:12319
> > Reference: URL:http://www.securityfocus.com/bid/12319
> > Reference: XF:jsboard-session-file-include(18990)
> > Reference: URL:http://xforce.iss.net/xforce/xfdb/18990
> 
> Wasn't this fixed in version 2.0.10-1?

Uh.  Yes, looks so.  When I checked this morning I only saw
the vulnerable bits but not the fix in the middle since it
didn't look sufficiently obvious.

Sorry for the noise.

Regards,

        Joey

-- 
The good thing about standards is that there are so many to choose from.
                -- Andrew S. Tanenbaum

Please always Cc to me when replying to me on the lists.

