Vulnerabilities > CVE-2009-4448 - Resource Management Errors vulnerability in Mybboard Mybb 1.4.10
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2009-4448 MyBB是一款流行的基于PHP的论坛程序。 MyBB inc/functions_time.php文件中包含的adodb_mktime()函数在处理部分日期值时存在漏洞,攻击者提交包含超大的year参数值的报文就会触发大量循环,导致CPU负载过高造成拒绝服务攻击。 MyBB 1.4.10 用户可参考如下安全公告获得补丁信息: http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php |
| id | SSV:15191 |
| last seen | 2017-11-19 |
| modified | 2010-01-06 |
| published | 2010-01-06 |
| reporter | Root |
| title | MyBB adodb_mktime()日期参数远程拒绝服务漏洞 |
References
- http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/
- http://dev.mybboard.net/issues/600
- http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://openwall.com/lists/oss-security/2010/12/06/2
- http://secunia.com/advisories/37906