Author Topic: YaBB SE 1.5.5 Released!  (Read 345467 times)
marcnyc
Full Member
***
Posts: 137


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #75 on: January 24, 2004, 02:50:04 AM »

That was a typo... I meant that now I AM ABLE to chmod to 777 and I did before applying the mod but I got that error... What could this depend on? I really don't wanna have to do it manually, especially because I have several installations of YaBB SE...
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:YaBB SE 1.5.5 Released!
« Reply #76 on: January 24, 2004, 04:42:26 PM »

You need to at least temporarily chmod the /yabbse folder to 777 as well.

-[Unknown]
Logged
marcnyc
Full Member
***
Posts: 137


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #77 on: January 25, 2004, 06:53:03 AM »

Thank you. That was my problem.
Logged
revolver_ocelot200
Noobie
*
Posts: 2


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #78 on: January 25, 2004, 03:31:51 PM »

I thought http://www.supermod.org was the one continuing yabbse? and boy was I convinced! that wiziwyg(?) guy is really committed to supermod, it's my first time to visit that again and boy... It's really evolving ha?

What's new in the SSI fix this update has by the way?
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:YaBB SE 1.5.5 Released!
« Reply #79 on: January 25, 2004, 09:13:06 PM »

The supermod is by no means "continuing" YaBB SE.

I'm sorry but I'm not at liberty to spell out the problems with SSI.php :P.

-[Unknown]
Logged
David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!

WWW
Re:YaBB SE 1.5.5 Released!
« Reply #80 on: January 25, 2004, 11:51:55 PM »

Quote from: revolver_ocelot200 on January 25, 2004, 03:31:51 PM
I thought http://www.supermod.org was the one continuing yabbse? and boy was I convinced! that wiziwyg(?) guy is really committed to supermod, it's my first time to visit that again and boy... It's really evolving ha?
Supermod is in no way affiliated with the YaBB SE project beyond them just choosing to use our software to base their system off of.
Logged

daddywolfe
Noobie
*
Posts: 14


Where's a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #81 on: January 29, 2004, 09:55:51 AM »

Any recommendations for making this update on a board running 1.5.4 with the supermod SM0817R5?

I have a couple of these boards like that, although one seems to have some strange problems already.  Both are identical, but one is causing the server to hang and core dump due to an unclosed process that runs for up to 15 minutes.  Almost always it will show in the error log for the server that yabbse tried to load an active x update for mplayer off a ms update server that has been moved.  I want to update the security but I'm afraid with this one that my problem could get worse.  The board was moved to our most stable server and given enough space that it wouldn't cause core dumps as much, but it's still having this problem.
Logged
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:YaBB SE 1.5.5 Released!
« Reply #82 on: January 29, 2004, 05:18:32 PM »

Quote from: daddywolfe on January 29, 2004, 09:55:51 AM
Any recommendations for making this update on a board running 1.5.4 with the supermod SM0817R5?

Please ask at supermod.org, where you might even find your question already answered:

http://www.supermod.org/community/index.php?board=3;action=display;threadid=1670;start=0
Logged

Yvette
Noobie
*
Posts: 35


Re:YaBB SE 1.5.5 Released!
« Reply #83 on: January 31, 2004, 11:23:41 AM »

Even with this latest fix, some of my users are still reporting that when they request a change of password, their email program rejects the message saying that it contains a virus (Outlook 'CR' Vulnerability).

Also, sometimes I get bounce backs from their mail servers:

Quote
Subject: WARNING YOU MAY HAVE A VIRUS
The virus software on ***.net has reported that you sent a virus with the subject "Account Information" to:
someone@***.net.  The E-mail containing the virus has been removed to prevent further damage.

[Outlook 'CR' Vulnerability] was found in file: [No attachment]

Was this upgrade supposed to fix this problem? I noticed the change to the sendmail function in Subs.pl. Is there anything else that I can try?

Yvette
Logged
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:YaBB SE 1.5.5 Released!
« Reply #84 on: January 31, 2004, 04:39:21 PM »

Quote from: Yvette on January 31, 2004, 11:23:41 AM
Was this upgrade supposed to fix this problem?

Basically no, because it's not a known problem. In fact, I've just tested the 'forgot password?' function with a live 1.5.4 board (with SSI.php deleted) that hasn't been upgraded yet, and found no problem with the emails.

Quote
I noticed the change to the sendmail function in Subs.pl.

You mean Subs.php, as detailed in the changelog at http://sourceforge.net/project/shownotes.php?release_id=210608?

Quote
Is there anything else that I can try?

Are you absolutely certain that there's no problem with your server or nobody is spoofing your email address? A standard YaBB SE doesn't send out emails with the subject 'Account Information', you see...
Logged

daddywolfe
Noobie
*
Posts: 14


Where's a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #85 on: January 31, 2004, 06:25:32 PM »

He's right about the board not sending out anything like that.  Even the supermod doesn't do that.  We host several se 1.5.4 boards configured with sm 187, and we have never had anything like this.  Also, we run two se 1.5.5 boards, never seen it with those either, as well as one se 1.5.5 board with sm 204 (for testing) and haven't seen it with those.  The odds are somebody is spamming using your board's email address.
You can check with wiziwig at supermod, but my check of the original code doesn't indicate anything to cause this.
Is your board running on an IIS server?  I find it extremely hard to believe the idea that a unix server could be infected with a virus that would show up on a Windows system.  Also, what mods are you running in your board and where did you get them?
And did you modify the message the board sends the password in?  I know that some word patterns will trigger my spam blocker, even though it is legitimate email.
Just some things I would take a look at.
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:YaBB SE 1.5.5 Released!
« Reply #86 on: February 01, 2004, 12:42:58 AM »

It's not a virus, it's an exploit.  Outlook is detecting an exploit in the email....

YaBB SE doesn't even send HTML emails.  Supermod, however, does... but, still, that shouldn't contain any exploits...

-[Unknown]
Logged
Yvette
Noobie
*
Posts: 35


Re:YaBB SE 1.5.5 Released!
« Reply #87 on: February 02, 2004, 12:53:29 PM »

Quote from: [Unknown] on February 01, 2004, 12:42:58 AM
It's not a virus, it's an exploit.  Outlook is detecting an exploit in the email....

YaBB SE doesn't even send HTML emails.  Supermod, however, does... but, still, that shouldn't contain any exploits...

-[Unknown]

Is there any way that I can reformat the mail headers in Subs.pl so that this exploit isn't there?

Reply to daddywolfe & Peter:

Yes, I meant Subs.php, as detailed in the changelog at http://sourceforge.net/project/shownotes.php?release_id=210608?

Also, I have changed the subject line for forgotten passwords to be Account Information. Is that considered a security risk for anyone trying to monitor email packets or whatever on the Internet.. ?

I have other programs that send email out, such as the latest version of formmail.php. I've never received bounce backs from email sent via these programs. I also used to run Majordomo on my server, and again, I never received bouncebacks. If I knew enough about mail headers, I would use the way formmail.php generates headers to modify Subs.php, but I don't have a way to test it, to verify that I fixed the problem.

I have 26,000+ members who signed up over the last couple of years, and this problem occurs with only some of them. If I had to guess, I'd say 2-3%.

This latest guy who had the problem wrote me to say that he was trying to get a new password, but his virus protection software kept reporting that I (YaBB Se) was sending him a virus. I received the bouncebacks from his attempts. I then tried to modify a couple of headers, resent his password, and received the bounceback an instant later.

Rather than sending further "virus" emails, I manually changed his password in his profile and sent it to him via my regular email account, asking if I could use his account to test to see if I could come up with a fix.. but I haven't heard back. Who in their right mind would let a stranger send email to them when their email program says the email contains a virus?

I'm not using Supermod, and no mods that modify the sendmail function in Subs.pl. Yes, I modified the actual message in the password reminder slightly, but I think this problem occurs with a small percentage of all email sent out via YaBB SE.. such as notifications.

I'd appreciate any further suggestions.. here's some info I found about the vulnerability:

"Outlook 'CR' Vulnerability: This vulnerability occurs when an E-mail contains a single 'CR' character within the E-mail headers (as opposed to a 'CR' followed by an 'LF', which is used to end a line in SMTP). Outlook can treat this as the end of the headers, which would allow Outlook to see a virus that was embedded in the headers. There is no legitimate reason for an E-mail to contain a lone 'CR' in the headers." http://www.thecoaproject.com/bugreport.php

See also: http://www.securitytracker.com/alerts/2002/Feb/1003546.html

Sorry if this message should have been posted somewhere else. I was hoping the latest upgrade would include a fix for this.

Am I really the only one who has had this problem? I thought that maybe it was a matter of removing one of the instances of \r\n. What is LF?

Yvette
« Last Edit: February 02, 2004, 01:34:09 PM by Yvette » Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:YaBB SE 1.5.5 Released!
« Reply #88 on: February 02, 2004, 02:56:54 PM »

Could be just that - I know I would delete any email I receive with "Account Information" as the subject right off.

Again, it's not Subs.pl.  You're gonna start confusing people if you keep saying that :P.  It's Subs.php...

As far as the vulnerability you're talking about... sounds like your mail server sucks.  You're supposed to send \r\n to the server, and YaBB SE does - so your mail server is stripping it or something.  If that's the vulnerability... well, that shouldn't be YaBB SE either.

CR = \r, LF = \n.  They should always be in pairs. (CRLF aka \r\n)

-[Unknown]
Logged
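
The lone-CR condition described in the posts above can be checked on a captured raw message before it reaches a recipient's scanner. This is an added example, not YaBB SE code and not something posted in the thread; the function names and the sample message are constructed for illustration.

```python
import re

# Constructed sample: the Subject line ends in a lone CR (no LF after it).
SAMPLE_BAD = (b"From: board@example.org\r\n"
              b"To: member@example.net\r\n"
              b"Subject: Account Information\r"
              b"X-Mailer: example\r\n"
              b"\r\n"
              b"Your new password is ...\r\n")

BARE_CR = re.compile(rb"\r(?!\n)")    # CR not followed by LF
BARE_LF = re.compile(rb"(?<!\r)\n")   # LF not preceded by CR

def header_block(raw: bytes) -> bytes:
    """Return everything up to and including the first empty line."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw if m is None else raw[:m.end()]

def find_faults(raw: bytes):
    """List (kind, offset, text before the fault) for each unpaired CR or LF
    in the headers. The body is not inspected."""
    headers = header_block(raw)
    faults = []
    for kind, pattern in (("bare CR", BARE_CR), ("bare LF", BARE_LF)):
        for m in pattern.finditer(headers):
            # Text since the previous LF, so the fault can be traced to the
            # code that wrote that header.
            start = headers.rfind(b"\n", 0, m.start()) + 1
            text = headers[start:m.start()].decode("latin-1")
            faults.append((kind, m.start(), text))
    return sorted(faults, key=lambda f: f[1])

def build_headers(pairs) -> bytes:
    """Serialize (name, value) pairs using CRLF only. Any CR or LF inside a
    value is replaced by a space, so a value can never end or add a line."""
    lines = []
    for name, value in pairs:
        clean = re.sub(r"[\r\n]+", " ", value).strip()
        lines.append(f"{name}: {clean}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

if __name__ == "__main__":
    for kind, offset, text in find_faults(SAMPLE_BAD):
        print(f"{kind} at byte {offset} after {text!r}")
```

Run `find_faults` on the message as it leaves the mail server, not only as the script builds it, since a relay can rewrite line endings in transit.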
QM
Noobie
*
Posts: 39


I'm a llama! (I'm not, but I like Llama's)

Re:YaBB SE 1.5.5 Released!
« Reply #89 on: February 05, 2004, 09:32:13 PM »

Being a complete numpty, why do I receive an unable to access index.php when performing the 1.5.4 to 1.5.5 package update ::)
Logged