[vuxml entry] phpBB 2.0.8a ip spoofing
Frankye - ML
listsucker at ipv5.net
Tue Apr 20 06:53:56 PDT 2004
(cc-ed to the port maintainer)
Hi everyone on the list and Mr. Liu
An Ip spoofing issue was just posted on bugtraq.
The issue seems trivial, but if anyone can spoof his ip address forging a
browser header maybe an installation which make heavy use of ip based acls
can suffer a lot. For what I understand you could easily spoof yourself as
127.0.0.1 ...
An unofficial patch was published on bugtraq too, and is available in the
message (http://marc.theaimsgroup.com/?l=bugtraq&m=108241122908409) and
online (http://www.nettwerked.co.uk/code/phpbb-ipspoof.patch)
Attached is the vuxml snippet for this issue.
Frankye
ps: To Mr. Liu: if you're not following the whole vuxml thing and you're
wondering what this is all about there's some info there
(http://lists.freebsd.org/pipermail/freebsd-security/2004-April/001859.ht
ml)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phpbb20040420.xml.snippet
Type: application/octet-stream
Size: 757 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-vuxml/attachments/20040420/e9717a09/phpbb20040420.xml.obj
More information about the freebsd-vuxml
mailing list