Date: Wed, 21 Apr 2004 00:59:51 +0800 From: "Kang Liu" <liukang@bjpu.edu.cn> To: "'Frankye - ML'" <listsucker@ipv5.net>, <freebsd-vuxml@FreeBSD.org> Subject: RE: [vuxml entry] phpBB 2.0.8a ip spoofing Message-ID: <282479830.17835@bjpu.edu.cn> In-Reply-To: <282468679.17872@bjpu.edu.cn>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you very much for informing me of this problem. I've read it from bugtraq and tested it on my own computer. I think the IP spoof vulnerability can be confirmed. But as you said, this vulnerability only affect the boards which use IP based ACL, By default, there is no IP based ACL unless the board manager create it. I do not mean this problem can be ignored, Further more, there might be another problem which may lead to DoS. I'm trying to contact with the founder to confirm the potential vulnerability, After that I will send a PR as soon as I can. Regards, Liu Kang -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQIVWvNCgh1up3pM4EQIVAwCcDcRZ/hcnQ8RTAn5Lp5lSTAneQeoAoPw4 o4dR7Gh1fo36pP+hWSsVjf3w =Fmto -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?282479830.17835>