Thread: PHP Vulnerabilities in <= 4.3.9 and <= 5.0.2
View Single Post
  #1  
Old 12-23-2004, 08:28 PM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default PHP Vulnerabilities in <= 4.3.9 and <= 5.0.2
Refer:
http://www.vbulletin.com/forum/showthread.php?t=123531

Reposted here because members here are asking questions about it.

-------------------------------------------------------------------------

The list of vulnerabilities is found here:
http://www.hardened-php.net/advisories/012004.txt

You will notice that one specifically mentions vBulletin. Please note that this it NOT a vBulletin vulnerability. It is a vulnerability in one of the PHP functions that vBulletin uses. To fix this vulnerability, you must upgrade your PHP.

PHP versions 4.3.10 and 5.0.3 are not affected. You may download either from here. (Note: we still recommend the 4.3.x series for vBulletin.)

If you upgrade your PHP and start getting errors with vBulletin, ensure any PHP caching or accelerator programs (such as Turck MMCache or Zend Optimizer) are also upgraded to the latest version. There is a change in PHP that conflicts with older versions!

If your server runs the Zend Optimizer you also upgrade this when you upgrade to PHP 4.3.10.

If you see an error like this:

Warning: Constants may only evaluate to scalar values in /path/to/init.php on line 752

... this indicates that your version of the Zend Optimizer is too old for PHP 4.3.10.

You should upgrade your Zend Optimizer by downloading the latest version from Zend.com.
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03526 seconds
  • Memory Usage 1,766KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete