From owner-freebsd-vuxml@FreeBSD.ORG Sat May 1 10:57:22 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AE00316A4CE; Sat, 1 May 2004 10:57:22 -0700 (PDT) Received: from avgw.bjut.edu.cn (avgw.bjut.edu.cn [202.112.78.85]) by mx1.FreeBSD.org (Postfix) with SMTP id 648D843D46; Sat, 1 May 2004 10:57:21 -0700 (PDT) (envelope-from delphij@frontfree.net) Received: from beastie.frontfree.net ([218.107.145.7]) by avgw.bjut.edu.cn (SAVSMTP 3.1.5.43) with SMTP id M2004050201571821549 ; Sun, 02 May 2004 01:57:18 +0800 Received: from localhost (localhost [127.0.0.1]) by beastie.frontfree.net (Postfix) with ESMTP id 5FB33116A4; Sun, 2 May 2004 01:57:18 +0800 (CST) Received: from beastie.frontfree.net ([127.0.0.1]) by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00127-03; Sun, 2 May 2004 01:57:17 +0800 (CST) Received: by beastie.frontfree.net (Postfix, from userid 1001) id 2A98511588; Sun, 2 May 2004 01:57:16 +0800 (CST) Date: Sun, 2 May 2004 01:57:16 +0800 From: Xin LI To: FreeBSD-gnats-submit@FreeBSD.org Message-ID: <20040501175716.GA697@frontfree.net> References: <20040501171456.0225511602@beastie.frontfree.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Content-Disposition: inline In-Reply-To: <20040501171456.0225511602@beastie.frontfree.net> User-Agent: Mutt/1.4.2.1i X-GPG-key-ID/Fingerprint: 0xCAEEB8C0 / 43B8 B703 B8DD 0231 B333 DC28 39FB 93A0 CAEE B8C0 X-GPG-Public-Key: http://www.delphij.net/delphij.asc X-Operating-System: FreeBSD beastie.frontfree.net 5.2-CURRENT FreeBSD 5.2-CURRENT #33: Mon Apr 26 15:10:21 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386 X-URL: http://www.delphij.net X-By: delphij@beastie.frontfree.net X-Location: Beijing, China X-Virus-Scanned: by amavisd-new at frontfree.net cc: vuxml@FreeBSD.org cc: Kang LIU cc: portmgr@FreeBSD.org Subject: Re: ports/66150: [PATCH] SECURITY UPDATE ports/www/phpbb for IP spoofing vulnerablity X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 May 2004 17:57:22 -0000 --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Also, I hope the attached patch, which mitigates session table exhaustion which could be used in a DDoS attack after the above patch to get its way into phpbb/files so it will be automatically patched. I suggest to add the following item to be added into vuxml: phpBB ession table exhaustion phpbb 2.0.8_2

The includes/sessions.php unnecessarily adds session item into session table and therefore vulnerable to a DDoS attacK.

 http://www.securityfocus.com/archive/1/360931 2004-03-05 2004-05-01 --=20 Xin LI http://www.delphij.net/ See complete headers for GPG key and other information. --W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAk+T8OfuToMruuMARAoOhAJwNtNwkw7xNBVs4Ffvq0F8tKf+l0wCfTpln xifsBDeN5JGAYIFJf9pm/E8= =AQAo -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA--