Bug#463589: phpbb2: CVE-2008-0471 XSRF vulnerability exploitable via crafted private message

2008-02-08 Thread Thijs Kinkhorst
On Fri, February 8, 2008 14:26, Nico Golde wrote:
> Thijs,
> ping? :)

Working on it; expect results later today.


Thijs






2008-02-08 Thread Nico Golde
Thijs,
ping? :)

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



2008-02-05 Thread Thijs Kinkhorst
On Saturday 2 February 2008 12:14, Thijs Kinkhorst wrote:
> On Friday 1 February 2008 18:08, Nico Golde wrote:
> > I tested this successfully in a local phpbb2 installation as
> > well as on phpbb.de using two test accounts.
> >
> > If you fix this vulnerability please also include the CVE id
> > in your changelog entry.
>
> Thanks Nico, I'll take care of it.

Found the patch in upstream repo, will take care of this tonight.


Thijs



2008-02-05 Thread Nico Golde
Hi Thijs,
* Thijs Kinkhorst [EMAIL PROTECTED] [2008-02-05 09:20]:
> On Saturday 2 February 2008 12:14, Thijs Kinkhorst wrote:
> > On Friday 1 February 2008 18:08, Nico Golde wrote:
> > > I tested this successfully in a local phpbb2 installation as
> > > well as on phpbb.de using two test accounts.
> > >
> > > If you fix this vulnerability please also include the CVE id
> > > in your changelog entry.
> >
> > Thanks Nico, I'll take care of it.
>
> Found the patch in upstream repo, will take care of this tonight.

Thanks!
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



2008-02-02 Thread Thijs Kinkhorst
On Friday 1 February 2008 18:08, Nico Golde wrote:
> I tested this successfully in a local phpbb2 installation as
> well as on phpbb.de using two test accounts.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.

Thanks Nico, I'll take care of it.


Thijs



2008-02-01 Thread Nico Golde
Source: phpbb2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpbb2.

CVE-2008-0471[0]:
| Cross-site request forgery (CSRF) vulnerability in privmsg.php in
| phpBB 2.0.22 allows remote attackers to delete private messages (PM)
| as arbitrary users via a deleteall action.

I tested this successfully in a local phpbb2 installation as
well as on phpbb.de using two test accounts.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0471

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
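
The class of bug named in the CVE description above, modelled as an added example (not part of this thread and not phpBB's code or its upstream patch): a "delete all private messages" handler authorised by the session cookie alone, next to one that also requires POST and a session-bound token. `Board`, the request dictionaries and the `csrf_token` field name are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the demo)

def csrf_token(sid: str) -> str:
    """Token bound to one session; a third-party page cannot read or compute it."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

class Board:
    """Hypothetical stand-in for a forum's private-message store."""

    def __init__(self):
        self.sessions = {}  # session id -> user name
        self.inbox = {}     # user name -> list of private messages

    def login(self, user, messages):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.inbox[user] = list(messages)
        return sid

    def delete_all_unchecked(self, request):
        # Vulnerable pattern: the session cookie alone authorises the deletion,
        # and a browser may attach that cookie to cross-site requests too.
        user = self.sessions.get(request["cookies"].get("sid", ""))
        if user is None:
            return 403
        self.inbox[user].clear()
        return 200

    def delete_all_checked(self, request):
        sid = request["cookies"].get("sid", "")
        user = self.sessions.get(sid)
        if user is None:
            return 403
        if request["method"] != "POST":
            return 405  # state changes are never served over GET
        supplied = request.get("form", {}).get("csrf_token", "")
        # Constant-time comparison against the token issued with the real form.
        if not hmac.compare_digest(supplied.encode(), csrf_token(sid).encode()):
            return 403
        self.inbox[user].clear()
        return 200
```
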

