Vulnerability
Ultimate Bulletin Board

Affected
Ultimate Bulletin Board v5.47e

Description
'ultimator30' found the following:

As is still known, there has been a security problem in UBB up to version 5.74a that makes it possible to read in private forums (password protected), just by giving 'postings.cgi' the query string

action=reply&forum=doesnotmatter&number=1&topic=000001.cgi&TopicSubject=doesnotmatter&replyto=0

altering 'number' to the number of a private forum, and 'topic' and 'replyto' to the number you want to read. So, for example, this URL could let you read the first message of the first thread in a private forum whose number is 1:

http://boardhost.org/boarddir/postings.cgi?action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0

We guess this bug should be fixed at least with version 5.47e. But one little detail was forgotten: if there are several private forums, e.g. one for the moderators and one only for administrators, people with moderator rights could still exploit this bug to read in the administrators' forum, though they don't have permission to read there, just by logging in and getting cookied by that.

Solution
Version 5.47e is an older, no longer maintained version of the Ultimate Bulletin Board. Versions 6.0, 6.01, 6.02, and 6.03 (the current version) do not have this liability. Upgrades to the software are free provided the license holder maintains a valid Members Area subscription. Infopop Corporation will release a patch to 5.47e in the Members Area for those people who for some reason feel they must still run an outdated and unmaintained version of the software.
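The authorization gap the report describes is a general one: the reply action validates that the requester is logged in, but never asks whether that particular account may read the forum named in 'number'. The following Python model is an added illustration written for this page, not UBB's own code; the forum table, role names, and the function names (check_reply_access_none, check_reply_access_logged_in_only, check_reply_access_per_forum, reply_form) are assumptions made for the example. It places the original unchecked behaviour and the cookie-only check beside the per-forum check that closes the gap.

```python
"""Constructed model of the postings.cgi reply-action authorization gap.

Added example for this bulletin, not Ultimate Bulletin Board code. The
forum table, roles and function names are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Callable

# Constructed forum table: forum number -> minimum role required to read it.
FORUMS = {
    1: "admin",      # administrators-only private forum
    2: "moderator",  # moderators' private forum
    3: "member",     # ordinary forum open to any logged-in member
}

# Role ranking used by the per-forum check (constructed).
ROLE_RANK = {"guest": 0, "member": 1, "moderator": 2, "admin": 3}


@dataclass
class Session:
    """What the login cookie establishes about the requester."""
    username: str
    role: str  # 'guest' when no valid cookie accompanies the request


def check_reply_access_none(session: Session, forum_number: int) -> bool:
    """Behaviour the report attributes to versions before 5.47e: any
    existing forum number is accepted, whoever asks."""
    return forum_number in FORUMS


def check_reply_access_logged_in_only(session: Session, forum_number: int) -> bool:
    """Behaviour the report attributes to 5.47e: anonymous requests are
    refused, but nothing compares the requester with the forum in 'number',
    so a moderator's cookie still opens the administrators' forum."""
    if forum_number not in FORUMS:
        return False
    return session.role != "guest"


def check_reply_access_per_forum(session: Session, forum_number: int) -> bool:
    """Hardened check: the forum's own access level is compared with the
    requester's role on every request, whatever 'forum', 'topic' or
    'replyto' say."""
    required = FORUMS.get(forum_number)
    if required is None:
        return False
    return ROLE_RANK.get(session.role, 0) >= ROLE_RANK[required]


def reply_form(session: Session, forum_number: int, topic: str, replyto: int,
               check: Callable[[Session, int], bool]) -> str:
    """Models postings.cgi?action=reply: the quoted post is rendered only
    when the supplied access check passes."""
    if not check(session, forum_number):
        return "ERROR: you do not have permission to read this forum"
    # Constructed placeholder standing in for the quoted message body.
    return f"quoting post {replyto} of {topic} in forum {forum_number}"


if __name__ == "__main__":
    moderator = Session("mod", "moderator")
    print(reply_form(moderator, 1, "000001.cgi", 0, check_reply_access_logged_in_only))
    print(reply_form(moderator, 1, "000001.cgi", 0, check_reply_access_per_forum))
```

Running the block shows the moderator session quoting a post from forum 1 under the cookie-only check and receiving the permission error under the per-forum check. The point for a maintainer is that the decision must be keyed on the forum actually being read ('number'), not on the presence of a cookie or on the client-supplied 'forum' field.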