  Second Generation Camaro Owners Group Message Board
  Vulnerability info for MadMike

memmert
Veteran Member
posted April 20, 2004 08:42 PM
Hey there,
I was going through our Intrusion Detection logs today at work while trying to identify an intrusion to our corporate network today. (we found the culprit, it just turned out to be an infected laptop).

The reason I am posting today is that it came up in the logs that when I post to NastyZ28 it shows up as code from "Ultimate Bulletin Board". If the detection is correct, that is what you use for the boards here. I will paste what it states in our logs. Apparently there is a vulnerability in the freeware that could leave you susceptible to attack if you don't update your software.
Now that I have said that, let me say that Intrusion Detection is not 100% and you may not even be running the "Ultimate" stuff or at least not on Unix/Linux.
Also, I could be reading the warning wrong and you may not be vulnerable at all, but I just wanted to alert you and keep NastyZ28.com out of harm's way.

Regards,

memmert

*************************************
Ultimate Bulletin Board could allow remote command execution (HTTP_UBB_Posting_Topic)
About this signature or vulnerability
BlackICE Server Protection, BlackICE PC Protection, RealSecure Sentry, RealSecure Guard, BlackICE Agent for Server, RealSecure Desktop Protector, RealSecure Network Sensor, RealSecure Server Sensor:

This signature detects shell metacharacters in a form variable called "topic" sent by an HTTP POST to the CGI script "postings.cgi".


Default risk level
High

Sensors that have this signature
BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6, RealSecure Guard: 3.6, BlackICE Agent for Server: 3.6, RealSecure Desktop Protector: 3.6, RealSecure Network Sensor: 7.0, RealSecure Server Sensor: 7.0

Systems affected
Ultimate Bulletin Board: 5.43

Type
Unauthorized Access Attempt

Vulnerability description
Ultimate Bulletin Board (UltimateBB) is a Perl-based Web bulletin board program produced by Infopop Corporation. A flaw in how some variables are parsed within ubb_library.pl could allow a remote attacker to execute arbitrary commands on vulnerable servers. This vulnerability only affects Unix/Linux based servers. Windows NT systems are not vulnerable.

How to remove this vulnerability
Upgrade to the latest version of Ultimate Bulletin Board, available from the Ultimate Bulletin Board Web site. The most recent freeware and licensed versions are not vulnerable.


References
BugTraq Mailing List, Fri Feb 11 2000 - 13:49:35 CST
perl-cgi hole in UltimateBB by Infopop Corp.
http://archives.neohapsis.com/archives/bugtraq/2000-02/0118.html

BugTraq Mailing List, Tue Feb 15 2000 - 16:41:49 CST
Re: perl-cgi hole in UltimateBB by Infopop Corp.
http://archives.neohapsis.com/archives/bugtraq/2000-02/0180.html

ISS X-Force
Ultimate Bulletin Board could allow remote command execution
http://www.iss.net/security_center/static/3964.php

CVE
CVE-2000-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0141

------------------
Speed costs money, how fast do you want to go?

IP Logged
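
The check described in the pasted signature text above (shell metacharacters in the "topic" form variable of an HTTP POST to postings.cgi), sketched as an added example; it is not part of the thread and not the vendor's signature code. The metacharacter set, the request paths and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the page does not list which characters the vendor signature
# treats as shell metacharacters; this set is illustrative.
SHELL_METACHARS = set("|;&`$<>(){}\\\n")

def check_ubb_topic_post(method, url, body):
    """Return a hit dict if a request matches the described pattern, else None."""
    if method.upper() != "POST":
        return None
    # Match on the script name only, whatever directory it is served from.
    script = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    if script != "postings.cgi":
        return None
    # Decode the form body first so percent-encoded characters are seen.
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get("topic", []):
        found = sorted(set(value) & SHELL_METACHARS)
        if found:
            return {"signature": "HTTP_UBB_Posting_Topic",
                    "field": "topic", "value": value, "metachars": found}
    return None

# Constructed sample requests (method, URL, form body); not taken from any log.
SAMPLES = [
    ("POST", "/cgi-bin/postings.cgi", "topic=000123&message=a+%26+b+%7C+c"),
    ("POST", "/cgi-bin/postings.cgi", "topic=000123%7Cplaceholder"),
    ("GET", "/cgi-bin/postings.cgi?topic=000123%7Cplaceholder", ""),
    ("POST", "/cgi-bin/other.cgi", "topic=000123%7Cplaceholder"),
]

def scan(requests):
    """Run the check over (method, url, body) tuples and keep the hits."""
    hits = []
    for method, url, body in requests:
        hit = check_ubb_topic_post(method, url, body)
        if hit:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

A hit only says that a request matched the pattern; whether the board is exposed depends on the installed version, which the signature text lists as 5.43.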

Eric
Administrator
posted April 20, 2004 09:49 PM

I think your security program is being extremely generic- the "problem" it perceives is metacharacters when you apparently do something in a topic (probably view it). Those statements about problems are very generic in respect to UBB 5.43 and don't actually indicate that even if you are running an un-updated UBB that there really can be a 'problem'- just that potentially a weakness could be exploited. However, what may not be noted is that Nastyz28 is not using v5.43, but a newer version along the same series.

Mike is really the guy who "knows" the UBB here- but I suspect that this particular 'issue' is not applicable or we would have been hacked a long time ago.

IP Logged

memmert
Veteran Member
posted April 21, 2004 11:03 AM
Great! I'm glad the BB is safe.

------------------
Speed costs money, how fast do you want to go?

IP Logged

All times are ET (US)


Copyright 1997 - 2005 North Georgia Classic Camaro


Ultimate Bulletin Board 5.47e