Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > June 2005 > phpBB Group Announcement

June 2005

phpBB Group Announcement

ID: 00528
Ref: 488/2005
Date: 29 June 2005:15:20:00
Version: 1
Title: phpBB Group Announcement
Abstract: Below is an announcement received by UNIRAS from phpBB, that includes details of a vulnerability that can be patched. UNIRAS believes the vulnerability may allow a remote attacker to execute arbitrary code on a system.
Vendors affected: phpBB
Applications affected: phpBB
Title
=====

phpBB Group Announcement

Detail
======

Below is an announcement received by UNIRAS from phpBB, that includes details of a
vulnerability that can be patched. UNIRAS believes the vulnerability may allow a
remote attacker to execute arbitrary code on a system.

======

Hi everyone,
phpBB Group announces the release of phpBB 2.0.16. This release addresses some
bugfixes and one critical security issue. To fix this, please apply the following change:
In viewtopic.php
Find:
$message = str_replace('"', '"', substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
"@preg_replace('#b(" . str_replace('\', '\\', $highlight_match) . ")b#i',
'\\1', '\0')",
'>' . $message . '<'), 1, -1));
Replace with:
$message = str_replace('"', '"', substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
"@preg_replace('#b(" . str_replace('\', '\\', addslashes($highlight_match)) . ")b#i',
'\\1',
'\0')", '>' . $message . '<'), 1, -1));
If your mail program wraps the lines it is advised to get the fix from the official
announcement at: http://www.phpbb.com/phpBB/viewtopic.php?t=302011

We urge you to update as soon as possible. You can of course find this
download available on our downloads page (http://www.phpbb.com/downloads.php).
As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions
of phpBB. Please note this archive contains changed files for each previous release.
Patch Files contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- - Fixed critical issue with highlighting - Discovered and fix provided by Ron van Daal
- - Url descriptions able to be wrapped over more than one line again
- - Fixed bug with eAccelerator in admin_ug_auth.php
- - Check new_forum_id for existence in modcp.php - alessnet
- - Prevent uploading avatars with no dimensions - Xpert
- - Fixed bug in usercp_register.php, forcing avatar file removal without updating
avatar informations within the database - HenkPoley
- - Fixed bug in admin re-authentication redirect for servers not having index.php
as one of their default files set
As always, our Code Changes Tutorial is available too for those with heavily
modded boards.
It can be downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=301712


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |