CVE-2002-0533
CVSS5.0
发布时间 :2002-08-12 00:00:00
修订时间 :2016-10-17 22:20:32
NMCOS    

[原文]phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.


[CNNVD]PHPBB BBCode导致拒绝服务攻击漏洞(CNNVD-200208-068)

        
        phpBB是一款免费开放源代码的WEB论坛程序,由PHP编写MYSQL后台支持,可运行在多种Unix和linux操作系统下,也可运行在Microsoft window操作系统下。
        phpBB对"源代码"类的引用处理不正确,攻击者可以发送特殊格式的转义字符串可导致产生拒绝服务攻击。
        攻击者可以在任意帖子中提交[code]\0\0\0\0\0\0\0[/code]类似的代码,就可以导致数据库需要处理输入的"\0"的数量的平方,如果发送 1 MByte的数据,系统实际处理的数据将接近 1 TByte。 大量的类似输入提交就可以导致系统产生拒绝服务。如果使用多次嵌套方法就可以导致很快占用大量系统资源,导致短时间产生拒绝服务攻击。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:phpbb_group:phpbb:1.4.4
cpe:/a:phpbb_group:phpbb:1.2.1
cpe:/a:phpbb_group:phpbb:1.4.0
cpe:/a:phpbb_group:phpbb:1.4.1
cpe:/a:phpbb_group:phpbb:1.4.2
cpe:/a:phpbb_group:phpbb:1.0.0
cpe:/a:phpbb_group:phpbb:1.2.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0533
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0533
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-068
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html
(UNKNOWN)  VULNWATCH  20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
http://marc.info/?l=bugtraq&m=101794993119738&w=2
(UNKNOWN)  VULN-DEV  20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
http://online.securityfocus.com/archive/1/265798
(VENDOR_ADVISORY)  BUGTRAQ  20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
http://www.iss.net/security_center/static/8764.php
(VENDOR_ADVISORY)  XF  phpbb-bbcode-function-dos(8764)
http://www.securityfocus.com/bid/4432
(VENDOR_ADVISORY)  BID  4432
http://www.securityfocus.com/bid/4434
(UNKNOWN)  BID  4434

- 漏洞信息

PHPBB BBCode导致拒绝服务攻击漏洞
中危 设计错误
2002-08-12 00:00:00 2005-10-20 00:00:00
远程  
        
        phpBB是一款免费开放源代码的WEB论坛程序,由PHP编写MYSQL后台支持,可运行在多种Unix和linux操作系统下,也可运行在Microsoft window操作系统下。
        phpBB对"源代码"类的引用处理不正确,攻击者可以发送特殊格式的转义字符串可导致产生拒绝服务攻击。
        攻击者可以在任意帖子中提交[code]\0\0\0\0\0\0\0[/code]类似的代码,就可以导致数据库需要处理输入的"\0"的数量的平方,如果发送 1 MByte的数据,系统实际处理的数据将接近 1 TByte。 大量的类似输入提交就可以导致系统产生拒绝服务。如果使用多次嵌套方法就可以导致很快占用大量系统资源,导致短时间产生拒绝服务攻击。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 暂时停止使用BBcode标志。
        Alert7提供了第三方补丁如下:
        把773行开始的bbencode_code函数改为:
        function bbencode_code($message, $is_html_disabled)
        {
         $message = preg_replace("/\[code\](.*?)\[\/code\]/si", "
Code:
\\1

", $message);
         return $message;
        } // bbencode_code()
        厂商补丁:
        phpBB Group
        -----------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.phpbb.com/

- 漏洞信息

4271
phpBB functions.php Database Corruption DoS
Remote / Network Access Denial of Service
Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

phpBB contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user submits improper data within [code] tags, and will result in loss of availability for the service and potentially corrupt the underlying database.

- 时间线

2002-04-04 Unknow
2002-04-04 Unknow

- 解决方案

Upgrade to version 2.0.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

PHPBB BBCode Denial Of Service Vulnerability
Design Error 4434
Yes No
2002-04-04 12:00:00 2009-07-11 11:56:00
Discovery is credited to Whitecell Security Systems <security@whitecell.org>.

- 受影响的程序版本

phpBB Group phpBB 1.4.4
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache 1.3.9
phpBB Group phpBB 1.4.2
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache 1.3.9
phpBB Group phpBB 1.4.1
phpBB Group phpBB 1.4 .0
phpBB Group phpBB 1.2.1
phpBB Group phpBB 1.2 .0
phpBB Group phpBB 1.0 .0

- 漏洞讨论

phpBB is free, open-source web forums software that is written in PHP and backended by MySQL. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

A vulnerability exists in phpBB's implementation of BBcode which makes it possible for an attacker to starve resources on the host running the affected software. This may result in a denial of service to the webserver and possibly the underlying system if adequate resource limits are not in place.

If this issue is successfully exploited, the webserver will need to be restarted for normal functionality to resume.

- 漏洞利用

There is no exploit code required.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站