ID: 01132
Ref: 1062/2005
Date: 22 December 2005, 12:52:35
Version: 1
Title: Two Debian Security Advisories: 1. DSA 924-1 - nbd 2. DSA 925-1 - phpbb2
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====
Two Debian Security Advisories:
1. DSA 924-1 - nbd
2. DSA 925-1 - phpbb2
Detail
======
1. Kurt Fitzner discovered a buffer overflow in nbd, the network block
device client and server, that could potentially allow arbitrary code
execution on the NBD server.
2. Several vulnerabilities have been discovered in phpBB, a fully
featured and skinnable flat webforum.
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 924-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : nbd
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3354
Kurt Fitzner discovered a buffer overflow in nbd, the network block
device client and server, that could potentially allow arbitrary code
execution on the NBD server.
For the old stable distribution (woody) this problem has been fixed in
version 1.2cvs20020320-3.woody.3.
For the stable distribution (sarge) this problem has been fixed in
version 2.7.3-3sarge1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your nbd-server package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/nbd/nbd_1.2cvs20020320-3.woody.3.dsc
Size/MD5 checksum: 687 6dcd2a3baa73279ca4e39ab96c026b60
http://security.debian.org/pool/updates/main/n/nbd/nbd_1.2cvs20020320-3.woody.3.diff.gz
Size/MD5 checksum: 30913 26fa07e9e96cde5132622a7d186a67e1
http://security.debian.org/pool/updates/main/n/nbd/nbd_1.2cvs20020320.orig.tar.gz
Size/MD5 checksum: 14493 caf7ed3127aaccf796755f7f87303f08
Alpha architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_alpha.deb
Size/MD5 checksum: 18748 0a09bbb1b81a822cd7663e0975e9df0b
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_alpha.deb
Size/MD5 checksum: 21634 bdd0c5342eba10189f849886451c6f1c
ARM architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_arm.deb
Size/MD5 checksum: 18560 19baa7bbe2bc5feb6493515cc0d7cc78
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_arm.deb
Size/MD5 checksum: 21788 8cf08aaa0882a4617e90e88dad0bbbdd
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_i386.deb
Size/MD5 checksum: 18030 9072cdbea8eb22845b8655866d53ae0a
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_i386.deb
Size/MD5 checksum: 20582 9639c82c93ad346bcaa5f9e087cf2d6f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_ia64.deb
Size/MD5 checksum: 19664 9e1a5b67a2b88f11df4076b180d13844
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_ia64.deb
Size/MD5 checksum: 23444 cb5f35035a5d0b13b5008ef7d594569b
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_hppa.deb
Size/MD5 checksum: 19424 b51c112a2772b794bed9c258eebd9743
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_hppa.deb
Size/MD5 checksum: 23638 93ab54726937a3e6a0b7a42f96289a19
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_m68k.deb
Size/MD5 checksum: 17810 70d63f64779c07ecc9476b977d4cfd9a
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_m68k.deb
Size/MD5 checksum: 20316 6fd61cce211c387a5b5e2dceb507add8
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_mips.deb
Size/MD5 checksum: 18476 31c0c19d5e045f29df3c3e847478de4d
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_mips.deb
Size/MD5 checksum: 22492 802b13c3789752f8f6f5a0c7f348d236
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_mipsel.deb
Size/MD5 checksum: 18600 bfb0a393eca00c3d412b46d5f6a49f64
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_mipsel.deb
Size/MD5 checksum: 22614 18dc3085f9fab5b029313245485c2bfd
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_powerpc.deb
Size/MD5 checksum: 18212 9d095527c99f230281e9493045e03ad5
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_powerpc.deb
Size/MD5 checksum: 21640 717a26faa62a0c2f30e2b06a22302f5a
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_s390.deb
Size/MD5 checksum: 18576 72fd500fae2aa9da8ceaa19f801012ef
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_s390.deb
Size/MD5 checksum: 21530 8d86811739657d45db21e3e5a6ffd64c
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_sparc.deb
Size/MD5 checksum: 20846 75daa235eb13a283694a707d71054799
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_sparc.deb
Size/MD5 checksum: 23606 d2ab7cd4affb84b6bd0c582eb2efeda9
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/nbd/nbd_2.7.3-3sarge1.dsc
Size/MD5 checksum: 582 5228f8d1d674a497d526da2ab1196fe3
http://security.debian.org/pool/updates/main/n/nbd/nbd_2.7.3-3sarge1.diff.gz
Size/MD5 checksum: 33311 eab56e6a399e1d04aff74c38079f5348
http://security.debian.org/pool/updates/main/n/nbd/nbd_2.7.3.orig.tar.gz
Size/MD5 checksum: 131301 dcfe67fce628c1292a0a6900035c34bf
Alpha architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_alpha.deb
Size/MD5 checksum: 27506 c0fd136965bd1d14800a75a5d729bf74
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_alpha.deb
Size/MD5 checksum: 30876 c41b9c2fc22c9b80a511ee65014f62b5
AMD64 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_amd64.deb
Size/MD5 checksum: 26990 df0b97efff9ffe9927f0562d2213b9dd
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_amd64.deb
Size/MD5 checksum: 29754 4ff852c2fe29191683baff854fc06df3
ARM architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_arm.deb
Size/MD5 checksum: 27654 1c93922189a8496aabc4eee69f0b4305
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_arm.deb
Size/MD5 checksum: 31310 484a76530e7b1f0561384d624c66fe58
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_i386.deb
Size/MD5 checksum: 27124 275730b63ee26ef18f731fbeab0925c1
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_i386.deb
Size/MD5 checksum: 30422 55b896c511f5ece40d3cfd2f77165a55
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_ia64.deb
Size/MD5 checksum: 28500 403985e53f8972b82a331693d0500b06
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_ia64.deb
Size/MD5 checksum: 32996 ef27bfdd558d794dd483f54e11633971
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_hppa.deb
Size/MD5 checksum: 28826 60dc0033da1c2c050a7aac6d3a1ff646
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_hppa.deb
Size/MD5 checksum: 33710 2fb01540fab2b41ee3a48dc089c868bd
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_m68k.deb
Size/MD5 checksum: 26826 c5428746a99f29b5461bf3a9c3b5f6c6
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_m68k.deb
Size/MD5 checksum: 29430 3336dafb07d97d1813087b57ef761087
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_mips.deb
Size/MD5 checksum: 28288 e7d549d6c86d1464bd3bd78ee78404fd
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_mips.deb
Size/MD5 checksum: 33158 0bab7d80ae8ac6383629156dcbf57417
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_mipsel.deb
Size/MD5 checksum: 28404 f97df7882ca96efa8de68fff5362f793
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_mipsel.deb
Size/MD5 checksum: 33264 67ca57992716cbc8db003919971334b5
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_powerpc.deb
Size/MD5 checksum: 27662 36cb66e92206ac2ba53d9a68189c7c6d
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_powerpc.deb
Size/MD5 checksum: 31792 6a54ba55f53d0c2bdacc4671f9e19556
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_s390.deb
Size/MD5 checksum: 28070 9eac3da9c6a3317adbf5f5f13e0474aa
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_s390.deb
Size/MD5 checksum: 32182 465fa1a61067df58bdb040df91cf8500
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_sparc.deb
Size/MD5 checksum: 27242 d5f6043f000bd3da265b878236a5b0ca
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_sparc.deb
Size/MD5 checksum: 30632 fb1a2075636e1cef4a86e56ed0aa11fe
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDqWEMW5ql+IAeqTIRAlD0AKCm4EpUrY+1FmeLCfsqJBpn8yzpTwCfbunB
cH/rZ2YbvAO725kMDkrZUMM=
=IIoz
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 925-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 22nd, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : phpbb2
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417
CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536
CVE-2005-3537
BugTraq IDs : 15170 15243
Debian Bugs : 35662 336582 336587
Several vulnerabilities have been discovered in phpBB, a fully
featured and skinnable flat webforum.
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2005-3310
Multiple interpretation errors allow remote authenticated users to
inject arbitrary web script when remote avatars and avatar
uploading are enabled.
CVE-2005-3415
phpBB allows remote attackers to bypass the protection mechanisms that
deregister global variables, which allows attackers to manipulate
the behaviour of phpBB.
CVE-2005-3416
phpBB allows remote attackers to bypass security checks when
register_globals is enabled and the session_start function has not
been called to handle a session.
CVE-2005-3417
phpBB allows remote attackers to modify global variables and
bypass security mechanisms.
CVE-2005-3418
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web scripts.
CVE-2005-3419
An SQL injection vulnerability allows remote attackers to execute
arbitrary SQL commands.
CVE-2005-3420
phpBB allows remote attackers to modify regular expressions and
execute PHP code via the signature_bbcode_uid parameter.
CVE-2005-3536
Missing input sanitising of the topic type allows remote attackers
to inject arbitrary SQL commands.
CVE-2005-3537
Missing request validation allows remote attackers to edit
private messages of other users.
The old stable distribution (woody) does not contain phpbb2 packages.
For the stable distribution (sarge) these problems have been fixed in
version 2.0.13+1-6sarge2.
For the unstable distribution (sid) these problems have been fixed in
version 2.0.18-1.
We recommend that you upgrade your phpbb2 packages.
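The first question for either advisory is whether the installed package is already at or past the fixed version (2.7.3-3sarge1 for nbd on sarge, 2.0.13+1-6sarge2 for phpbb2). The following is an added example, not Debian's own code and not part of the advisories above: it implements the Debian version ordering described in deb-version(5) (the rules behind `dpkg --compare-versions`) in Python, so the check also runs on a host without dpkg, and applies it to a dpkg-query listing against the fixed versions quoted in DSA 924-1 and DSA 925-1. One caveat the page itself shows: DSA 925-1 quotes the phpbb2 fix as the source version 2.0.13+1-6sarge2, while the .deb files it lists carry 2.0.13-6sarge2; dpkg reports the binary package version, so that is the value to compare against. SAMPLE_DPKG_QUERY is constructed here.

```python
"""Debian version comparison and a fixed-version audit for DSA 924-1 / DSA 925-1.

Added example, not Debian's own code.  Implements the ordering of deb-version(5).
"""


def _char_order(c):
    """Sort weight of one character inside a non-digit run: '~' sorts before
    everything (even end of string), letters before all other non-letters."""
    if c == "~":
        return -1
    if c == "":          # end of the run
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256  # '.', '+', ':' ... sort after letters


def _cmp_nondigit(a, b):
    for i in range(max(len(a), len(b))):
        d = _char_order(a[i] if i < len(a) else "") - _char_order(b[i] if i < len(b) else "")
        if d:
            return -1 if d < 0 else 1
    return 0


def _cmp_fragment(a, b):
    """Compare upstream or revision strings as alternating non-digit / digit runs;
    non-digit runs lexically (modified order above), digit runs numerically."""
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        ja, jb = ia, ib
        while ja < len(a) and not a[ja].isdigit():
            ja += 1
        while jb < len(b) and not b[jb].isdigit():
            jb += 1
        r = _cmp_nondigit(a[ia:ja], b[ib:jb])
        if r:
            return r
        ia, ib = ja, jb
        while ja < len(a) and a[ja].isdigit():
            ja += 1
        while jb < len(b) and b[jb].isdigit():
            jb += 1
        na, nb = int(a[ia:ja] or "0"), int(b[ib:jb] or "0")
        if na != nb:
            return -1 if na < nb else 1
        ia, ib = ja, jb
    return 0


def split_version(v):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = (v.rsplit("-", 1) if "-" in v else (v, ""))
    return epoch, upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1, matching `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_fixed(installed, fixed):
    return compare_versions(installed, fixed) >= 0


# Constructed sample of: dpkg-query -W -f='${Package}\t${Version}\n' nbd-client nbd-server phpbb2
SAMPLE_DPKG_QUERY = "nbd-client\t2.7.3-3\nnbd-server\t2.7.3-3\nphpbb2\t2.0.13-6sarge2\n"

# Fixed sarge versions from the two advisories.  phpbb2 uses the binary package
# version from the listed .deb names (2.0.13-6sarge2), which is what dpkg reports,
# not the source version 2.0.13+1-6sarge2 quoted in the advisory text.
FIXED_SARGE = {
    "nbd-client": "2.7.3-3sarge1",
    "nbd-server": "2.7.3-3sarge1",
    "phpbb2": "2.0.13-6sarge2",
}


def parse_dpkg_query(output):
    installed = {}
    for line in output.splitlines():
        if line.strip():
            pkg, ver = line.split("\t", 1)
            installed[pkg] = ver
    return installed


def audit(installed, fixed):
    """{package: True if installed >= fixed} for the packages named in the advisories."""
    return {p: is_fixed(v, fixed[p]) for p, v in installed.items() if p in fixed}


if __name__ == "__main__":
    for pkg, ok in audit(parse_dpkg_query(SAMPLE_DPKG_QUERY), FIXED_SARGE).items():
        print(f"{pkg}: {'fixed' if ok else 'VULNERABLE, upgrade'}")
```

On a real sarge host, replace SAMPLE_DPKG_QUERY with the output of the dpkg-query command in the comment; a package that is not installed at all simply does not appear in the result.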
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge2.dsc
Size/MD5 checksum: 783 84a0dab5af965cf6ff418c2b2383a9ee
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge2.diff.gz
Size/MD5 checksum: 64580 e644237009e5eff92b86f21a5f6f4cbe
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
Size/MD5 checksum: 3340445 678d0cb0372e46402a472c510fb90d78
Architecture independent components:
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge2_all.deb
Size/MD5 checksum: 37474 4cbfd2fe1e336214a3defddeff55ce65
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge2_all.deb
Size/MD5 checksum: 2873096 f71e21b77d9f5bffa076a25d6687b4c2
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13-6sarge2_all.deb
Size/MD5 checksum: 525514 f88101af29bf00db9a8fdb264e35d891
These files will probably be moved into the stable distribution on
its next update.
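Both advisories give the same manual route (`wget url`, then `dpkg -i file.deb`) and publish a Size/MD5 line for every file. Since dpkg runs a package's maintainer scripts as root, the file should be checked against those lines before it is installed. The following is an added example, not Debian's tooling and not part of either advisory: it parses the URL / "Size/MD5 checksum:" pairs as printed in the advisories, checks a local file's size and MD5 against them, and refuses anything that does not match. ADVISORY_EXCERPT is copied from the sarge i386 section of DSA 924-1; the bytes used in demo() are constructed and are not a real .deb. The caveat: the MD5 list only tells you the download is the file the advisory describes; what ties those digests to Debian is the PGP signature over the advisory, which should be verified first.

```python
"""Verify a downloaded .deb against the Size/MD5 lines of a DSA before `dpkg -i`.

Added example, not Debian's tooling.  ADVISORY_EXCERPT is copied from the sarge
i386 section of DSA 924-1; the sample bytes in demo() are constructed, not a .deb.
"""
import hashlib
import os
import re
import tempfile

_CHECKSUM_RE = re.compile(r"Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})")

ADVISORY_EXCERPT = """\
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_i386.deb
Size/MD5 checksum: 27124 275730b63ee26ef18f731fbeab0925c1
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_i386.deb
Size/MD5 checksum: 30422 55b896c511f5ece40d3cfd2f77165a55
"""


def parse_checksums(text):
    """Map .deb file name -> (size, md5hex) from URL / checksum line pairs in a DSA."""
    expected, url = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("http://", "ftp://")):
            url = line          # remember the URL; its checksum is on the next line
            continue
        m = _CHECKSUM_RE.search(line)
        if m and url:
            expected[os.path.basename(url)] = (int(m.group(1)), m.group(2).lower())
            url = None
    return expected


def verify_bytes(data, size, md5hex):
    """True only if both the length and the MD5 of data match the advisory."""
    if len(data) != size:
        return False
    return hashlib.md5(data).hexdigest() == md5hex.lower()


def verify_file(path, expected):
    """Verify path against the parsed table; a file name not in the table fails closed."""
    name = os.path.basename(path)
    if name not in expected:
        return False
    size, md5hex = expected[name]
    with open(path, "rb") as f:
        return verify_bytes(f.read(), size, md5hex)


def demo():
    """Constructed run: a 6-byte file with a known MD5, then a same-size tampered copy."""
    table = {"demo.deb": (6, "b1946ac92492d2347c6235b4d2611184")}  # md5 of b"hello\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.deb")
        with open(path, "wb") as f:
            f.write(b"hello\n")
        good = verify_file(path, table)
        with open(path, "wb") as f:
            f.write(b"hellp\n")  # same size, one byte changed: must fail
        bad = verify_file(path, table)
    return good, bad


if __name__ == "__main__":
    print(parse_checksums(ADVISORY_EXCERPT))
    print(demo())
    # Real use: table = parse_checksums(open("dsa-924.txt").read()); fetch the .deb;
    # run `dpkg -i` only if verify_file(path, table) is True.
```

Both size and digest are checked because the advisory publishes both; a size mismatch is the cheap early signal for a truncated download, while the digest catches a different file of the same length.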
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDqmF8W5ql+IAeqTIRAma4AKCU6XUWusnHBhS/v+jJUcm6hNPN6gCePKaF
2Bpd+e2RN8NYv6DkkYUmJFg=
=usra
- -----END PGP SIGNATURE-----