Welcome, Guest. Please Login or Register.
November 23, 2024, 02:52:18 PM
Home Help Search Log in Register
News: If you are still using YaBB SE, please consider upgrading to SMF as soon as possible.

YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous next »
Pages: [1] 2 3 ... 12 Reply Ignore Print
Author Topic: SECURITY FIX! Users using any version prior to 1.5.1  (Read 99672 times)
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
SECURITY FIX! Users using any version prior to 1.5.1
« on: January 24, 2003, 12:37:18 PM »
Reply with quote

For those of you using these version, please change the following in the Packages.php file.

Change:

include_once("$sourcedir/Packer.php");
// verify the user is an administrator
is_admin();

to

// verify the user is an administrator
is_admin();
include_once("$sourcedir/Packer.php");

Make sure the include comes after the is_admin() call.
Logged

bart
Guest
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #1 on: January 24, 2003, 01:03:57 PM »
Reply with quote

Maby it is a little bit unnessesary but my english is not that great...

You mean al versions before the RC36??
Logged
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #2 on: January 24, 2003, 01:13:00 PM »
Reply with quote

My understanding is that that is correct.
Logged

David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #3 on: January 24, 2003, 03:23:52 PM »
Reply with quote

Quote from: Bart on January 24, 2003, 01:03:57 PMMaby it is a little bit unnessesary but my english is not that great...

You mean al versions before the RC36??
Yes, any version of YaBBSE prior to build 36 of RC1.  This includes 1.4.x and 1.3.x.
Logged

bart
Guest
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #4 on: January 24, 2003, 03:38:06 PM »
Reply with quote

Then we are on the same line.. thank you!
Logged
cornnuts
Jr. Member
**
Posts: 50


I'm a llama!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #5 on: January 24, 2003, 07:54:49 PM »
Reply with quote

Thanks 8)
Logged
derekmoore
Noobie
*
Posts: 1


I'm a 4.5 llama!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #6 on: January 27, 2003, 06:31:08 PM »
Reply with quote

Cannot stress the importance of this - all our servers running 1.4.x have just been hacked because of this very major hole

You MUST implement the fix now!!!

Derek
« Last Edit: January 27, 2003, 06:43:38 PM by derekmoore » Logged
Mike Healan
Noobie
*
Posts: 33


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #7 on: January 27, 2003, 09:15:29 PM »
Reply with quote

They got me too. Thankfully, this guy was after white supremacists and neo-nazis and not me. All he did was email my sql password to me and "suggest" I fix it before some 1337 Brazilian h4x3r 0wned me (and yes that's how he spelled it).
Logged

Taras
Noobie
*
Posts: 4


I'm a llama!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #8 on: January 30, 2003, 05:35:02 AM »
Reply with quote

thanks for the heads up on that... done the update :)
Logged
sensovision
Full Member
***
Posts: 100


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #9 on: February 02, 2003, 01:53:07 PM »
Reply with quote

I was shoked when I've got message from some mail-robot with my login and pass... yesterday... so I implement all changes and start to search for forums which not yet install patch... I've saw few memberboards already hacked:( I've mail to more than 50 admins of boards affected by this... but I don't have time anymore time to do this... maybe you can send some e-mail e.g. for registered memebers or something to ask people use this security update as soon as possible? ???
Logged

Denis

Are you good with the graphic? check out our design logo contest!
PostDeals
Full Member
***
Posts: 112


Checkout postdeals.net for the latest deals.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #10 on: February 02, 2003, 03:14:01 PM »
Reply with quote

Just updated it, t hanks, I can't believe it i didn't see this earlier.
Logged

For HotDeals, Coupons, Games Visit: www.postdeals.net

Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #11 on: February 02, 2003, 04:31:39 PM »
Reply with quote

We sent out an announcement and posted it elsewhere as well...there is only so much we can do...
Logged

Anton
Noobie
*
Posts: 9


Destroy Erase Improve

demonanton666@hotmail.com WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #12 on: February 02, 2003, 04:44:30 PM »
Reply with quote

Quote from: Mike Healan on January 27, 2003, 09:15:29 PMI fix it before some 1337 Brazilian h4x3r 0wned me (and yes that's how he spelled it).

That was probably the same group that got me, did they have anything to do with ION?
Logged

By Steel Will Thy Flesh Divide
akpcep
Noobie
*
Posts: 33


I'm not a f*ckin llama.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #13 on: February 02, 2003, 04:50:12 PM »
Reply with quote

Many thanks for the heads-up. I just administered the fix.

Strangely, someone in my referrers navigated to my site by searching allinurl:yabbse in google. Scary stuff.
Logged

tamalyn
Noobie
*
Posts: 29


I'm a llama!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #14 on: February 02, 2003, 04:58:02 PM »
Reply with quote

hi


i am new to this, i have taken the first line out, and moved it to the line below like this

 verify the user is an administrator
is_admin(); include_once("$sourcedir/Packer.php");

is that right? or do i need the black blocks in between somewhere??

sorry i am a bit of a bimbo!
Logged
Pages: [1] 2 3 ... 12 Reply Ignore Print 
YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.048 seconds with 20 queries.