Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Forums



I have dug a bit into what can be found about
security problems/fixes in phpBB, FUD and Phorum.

From what I have found, FUD looks like a good choice.
However, sslug must be upgraded to the latest PHP4 to
get these forums to work. Currently it is PHP3, I believe ;(
(or it has to run on tyge.sslug.dk)

In general, security bugs must be checked for on an ongoing
basis and upgrades applied where needed.
Therefore the whole thing should be set up so that the forum
is easy to move/upgrade. Preferably there should not be too many
custom extensions/fixes, since that makes upgrades harder.

............................................................
............................................................
about more wwwboards: http://www.cgisecurity.com/archive/wwwboards/
............................................................

Phorum  http://www.phorum.org
January 2000: Phorum 3.07 http://www.opennet.ru/base/cgi/18.txt.html
  among other things, changing the administrator password and reading arbitrary files
Nov. 2000: http://www.securiteam.com/unixfocus/6B00M1P0AY.html
  among other things, reading arbitrary files.
March 2002: http://www.cgisecurity.com/archive/wwwboards/phorum-email-disclosure.txt
  http://www.der-keiler.de/Mailing-Lists/Securiteam/2002-02/0130.html
  possible to read the e-mail addresses of the last 10 users
May 2002: http://www.cgisecurity.com/archive/wwwboards/phorum_3.3.2a_and_command_execution.txt
  this one allows execution of external PHP scripts ;(

See also http://phorum.org/changelog.txt; there are quite a few
security fixes, most recently for 3.3.2c (the current version is 3.4.1)

Phorum: quite a lot of bugs, but they are mostly old.
Phorum also seems to be older than the other web boards?

............................................................


phpBB2  http://www.phpbb.com/ (started around 2001?)
....
2002: http://pwaring.f2o.org/rixort/security/phpbb-cards.php
Nov 2002:  http://www.cgisecurity.com/archive/wwwboards/phpBB-2.0.0-priv-upgrade.txt
Oct 2002: http://www.securiteam.com/unixfocus/6F0120A5PU.html
  among other things, changing a user into an administrator
14 Jan 2003: http://www.cgisecurity.com/archive/wwwboards/phpBB-sql-injection-pre-2.0.3.txt
   SQL injection hole, fixed in version 2.0.4

Quite a few minor bugs; a bit hard to find them on phpBB's own forum.

............................................................

FUD  http://fud.prohost.org/features.php

August 2002:  possible to read files such as /etc/passwd
 	GET /forum/tmp_view.php?file=/etc/passwd
April 2002: minor problems where anonymous users can read
  posts in areas that only registered users have access to.
Feb. 2002: mostly a PHP 4.0.4-4.0.11 problem
	http://security.e-matters.de/advisories/012002.html

I have not been able to find much about this one;
maybe it is not such a widely used forum, or there are
simply few bugs?

.....................................................


-- 
Regards, Frank Damgaard  | 



 

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 20:55 CEST
This page is maintained by MHonArc