SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (News)  >   BAVO Vendors:   Lambrechts, Floris
BAVO PHP-based Web News Software Authentication Bug Lets Remote Users Gain Administrative Access to the Application
SecurityTracker Alert ID:  1003503
SecurityTracker URL:  http://securitytracker.com/id/1003503
CVE Reference:   CVE-2002-1719   (Links to External Site)
Updated:  May 20 2008
Original Entry Date:  Feb 10 2002
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 0.3
Description:   An authentication vulnerability was reported in BAVO, a PHP-based news-oriented web server application. A remote user can gain 'admin' access on the application.

The vulnerability was due to a bug in the checking of administrator passwords. Administator passwords were not checked so that any remote user could perform administrative functions on the application, including deleting or editing messages.

The vendor reports that Bavo is a work-in-progress and should *never* be used in an environment where security is required.

Impact:   A remote user can gain 'admin' access on the application and can delete or edit messages.
Solution:   The vendor has released a fixed version (0.3.1), available at:

http://freshmeat.net/redir/bavo/19259/url_tgz/bavo-0.3.1.tgz

The vendor strongly notes that BAVO is a work-in-progress and is not intended for security critical environments.

Vendor URL:  friet.patat.org/~florizla/bavo/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  PHP-based

Message History:   None.


 Source Message Contents

Subject:  BAVO 0.3.1


  BAVO 0.3.1
  by floris lambrechts (http://freshmeat.net/users/florisla/)
  Thursday, February 7th 2002 18:38

Internet :: WWW/HTTP :: Dynamic Content :: Message Boards

About: BAVO is (yet another) lightweight newsreader written in PHP. It
has no identity checks for users, having them only for admins. It is
thus useful mainly on LANs, where you trust the site's visitors. It is
meant to be used when CMS/portal systems like PHP-Nuke and Slashcode are
way too bloated, but where you'd still want a newspage. It therefore
uses no database, no polls, no moderation, and no cookies. However, it
looks nice and the admin(s) can edit/remove messages and reactions.

Changes: One major security flaw is fixed, along with some minor
usability bugs. The code and documentation is updated. This is the first
really solid release.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/bavo/

The vendor reports that Bavo is a work-in-progress and should *never* 
be used in an environment where security is required.

The vulnerability was due to a bug in the checking of administrator 
passwords.  Administator passwords were not checked so that any remote 
user could perform administrative functions on the application, including 
deleting or editing messages.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC