Vulnerabilities > CVE-2009-4448 - Resource Management Errors vulnerability in Mybboard Mybb 1.4.10
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
description | CVE ID:CVE-2009-4448 MyBB是一款流行的基于PHP的论坛程序。 MyBB inc/functions_time.php文件中包含的adodb_mktime()函数在处理部分日期值时存在漏洞,攻击者提交包含超大的year参数值的报文就会触发大量循环,导致CPU负载过高造成拒绝服务攻击。 MyBB 1.4.10 用户可参考如下安全公告获得补丁信息: http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php |
id | SSV:15191 |
last seen | 2017-11-19 |
modified | 2010-01-06 |
published | 2010-01-06 |
reporter | Root |
title | MyBB adodb_mktime()日期参数远程拒绝服务漏洞 |
References
- http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/
- http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/
- http://dev.mybboard.net/issues/600
- http://dev.mybboard.net/issues/600
- http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php
- http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://openwall.com/lists/oss-security/2010/12/06/2
- http://openwall.com/lists/oss-security/2010/12/06/2
- http://secunia.com/advisories/37906
- http://secunia.com/advisories/37906