----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
FlatNuke Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA15603

VERIFY ADVISORY:
http://secunia.com/advisories/15603/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, Exposure of system information, Exposure of
sensitive information, DoS, System access

WHERE:
>From remote

SOFTWARE:
FlatNuke 2.x
http://secunia.com/product/4477/

DESCRIPTION:
Some vulnerabilities have been reported in FlatNuke, which can be
exploited by malicious people to cause a DoS (Denial of Service),
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a vulnerable system.

1) It is possible to cause the "foot_news.php" script to enter an
infinite loop and consume a large amount of CPU resources when
accessing it directly.

2) Input passed to the "Referer" HTTP header is not properly
sanitised before being stored in a PHP file inside the web root. This
can be exploited to execute arbitrary PHP code.

3) Input passed to the "border" and "back" parameters in "help.php"
and "footer.php" is not properly sanitised before being returned to
users. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of a vulnerable site.

Successful exploitation requires that "register_globals" is enabled.

4) Input passed to the "image" parameter in "thumb.php" is not
properly verified before being used to view images. This can be
exploited to disclose the contents of arbitrary images from external
and local resources.

It is also possible to disclose the full path to certain scripts by
accessing them directly or by supplying invalid input.

The vulnerabilities have been reported in version 2.5.3. Prior
versions may also be affected.

SOLUTION:
Update to version 2.5.4.
http://sourceforge.net/project/showfiles.php?group_id=93076

PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous person and reported via SecWatch.

ORIGINAL ADVISORY:
SecWatch:
http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------