COMMAND

    Anyboard

SYSTEMS AFFECTED

    Systems running Anyboard (www.netbula.com)

PROBLEM

    Draz Q published a short summary of problems with a web-related
    software package in eurohack.  Basically, it sounds much like a
    common CGI problem.  It does not give user or root access, only the
    ability to fake/modify just about anything shown by the program.

    After using the Anyboard Forum for a while, Draz Q found a "little"
    (?) flaw in it that allows _anyone_ to get the admin login and
    password.  This is because the forum CFG file is available to
    anyone.  This allows anyone to:

        - Delete messages in the forum (purge the whole forum)
        - Modify messages
        - Write messages as Admin
        - Change admin login and password
        - In short, do anything in the Message forum

SOLUTION

    Nothing yet.
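
    A local audit an administrator can run for the exposure described
    under PROBLEM, as an added example that is not from the advisory or
    from Anyboard.  It walks a web document root and reports config
    files that hold credential-style keys.  The ".cfg" suffix match,
    the key pattern and the sample file names and contents are
    assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumptions (not from the advisory): config files end in ".cfg" and
# store credentials as key=value or key: value lines.
CONFIG_SUFFIXES = (".cfg",)
CRED_KEY = re.compile(r"^\s*\w*(pass|login)\w*\s*[=:]", re.I | re.M)


def audit_docroot(docroot):
    """Return sorted (relative_path, world_readable) for config files with credentials."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(CONFIG_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)
                mode = os.stat(path).st_mode
            except OSError:
                continue  # not readable by the auditing user; nothing to inspect
            if CRED_KEY.search(text):
                rel = os.path.relpath(path, docroot)
                findings.append((rel, bool(mode & 0o004)))
    return sorted(findings)


def build_sample_docroot():
    """Constructed sample tree: a credential-bearing config, a harmless one, a page."""
    root = tempfile.mkdtemp(prefix="docroot_")
    forum = os.path.join(root, "forum")
    os.makedirs(forum)
    samples = {
        os.path.join(forum, "forum.cfg"): "admin_login=admin\nadmin_password=example\n",
        os.path.join(forum, "colors.cfg"): "bgcolor=#ffffff\n",
        os.path.join(root, "index.html"): "<html>password reminder page</html>\n",
    }
    for path, body in samples.items():
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
    return root


if __name__ == "__main__":
    for rel, world in audit_docroot(build_sample_docroot()):
        print(f"{rel}: credentials inside web root (world-readable={world})")
```

    Any file it reports belongs outside the served tree or behind a
    server rule that denies direct requests for it.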