#1 Erwin, 01-07-2004, 09:16 AM
Join Date: Jan 2002 | Posts: 7,604
vB2 Security Update: vBulletin 2.3.4

From:
http://www.vbulletin.com/forum/showthread.php?t=91409

vBulletin 2.3.4

vBulletin 2.3.4 is a security and bug fix release. We recommend you upgrade as soon as possible; if this is not possible, you can simply use the updated calendar.php from this version to obtain the security fix.

Files Changed (from 2.3.3)
Main Directory: calendar.php, member.php, member2.php, report.php
Admin Directory: bbimport.php, functions.php, index.php
Mod Directory: none
The usuals (for version numbers): admin/global.php, admin/install.php, admin/upgrade1.php

#2 Erwin, 01-07-2004, 09:18 AM
Join Date: Jan 2002 | Posts: 7,604

If you see this error email:

Quote:
Database error in vBulletin 2.3.2:

Invalid SQL: SELECT allowsmilies,public,userid,eventdate,event,subject FROM calendar_events WHERE eventid = 14 union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events WHERE eventid = 14)
mysql error: You have an error in your SQL syntax near 'union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calend' at line 1

mysql error number: 1064

Date: Tuesday 06th of January 2004 11:09:36 PM
Script: http://forums.*****.com/calendar.php?s=&action=edit&eventid=14%20union%20(SELECT%20allowsmilies,public,userid,\'0000-0-0\',version(),userid%20FROM%20calendar_events%20WHERE%20eventid%20=%2014)
Referer:

That is someone trying (and failing) to take advantage of the security error in vB 2.3.x.

Taken from:
http://www.vbulletin.com/forum/showthread.php?t=91408

So upgrade your 2.3.3 forums. Go to vB3.

Added - the security issue only affects calendar.php APPARENTLY.

So just upload a new calendar.php found here:

http://www.vbulletin.com/forum/showp...33&postcount=3
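
A log check for the probe quoted in the post above, added here as an example and not part of the thread or of vBulletin's code: it flags calendar.php requests whose eventid is not a plain integer, reading either access-log lines or the "Script:" line of the database-error email. The log lines, addresses and host name are constructed samples, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches the request target in a combined-format access-log line (assumed
# format), or the URL on the "Script:" line of a database-error email.
TARGET_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"|^Script:\s*(\S.*)$')
SQL_WORDS = re.compile(r"\b(union|select|from|where)\b", re.I)

def check_target(target):
    """Return a finding dict if calendar.php received a non-integer eventid."""
    parts = urlsplit(target)
    if not parts.path.endswith("/calendar.php"):
        return None
    # parse_qs URL-decodes values, so %20 becomes a space before the check.
    for value in parse_qs(parts.query).get("eventid", []):
        if not re.fullmatch(r"\d+", value):  # eventid is a numeric row id
            words = {w.lower() for w in SQL_WORDS.findall(value)}
            return {"eventid": value, "sql_keywords": sorted(words)}
    return None

def scan(lines):
    """Return (line number, finding) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = TARGET_RE.search(line)
        if match:
            hit = check_target(match.group(1) or match.group(2))
            if hit:
                findings.append((lineno, hit))
    return findings

# Constructed sample input: two access-log lines and one error-email line.
SAMPLE = [
    '203.0.113.7 - - [06/Jan/2004:23:09:30 +0000] '
    '"GET /calendar.php?s=&action=edit&eventid=14 HTTP/1.0" 200 5120',
    '203.0.113.9 - - [06/Jan/2004:23:09:36 +0000] '
    '"GET /calendar.php?s=&action=edit&eventid=14%20union%20(SELECT%201) HTTP/1.0" 200 812',
    'Script: http://forums.example.com/calendar.php?s=&action=edit'
    '&eventid=14%20union%20(SELECT%201)',
]

if __name__ == "__main__":
    for lineno, hit in scan(SAMPLE):
        print(lineno, hit)
```

A hit in the access log with no matching error email deserves a closer look, since the email is only sent when the query fails.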

#3 Gary King, 01-07-2004, 01:09 PM
Join Date: Jan 2002 | Posts: 2,046

Already upgraded to vB 3

#4 Zachery, 01-07-2004, 03:50 PM
Join Date: Jul 2002 | Location: Ontario, Canada | Posts: 11,440

I collection spoons (reference to vb.com thread)

#5 Erwin, 01-07-2004, 11:21 PM
Join Date: Jan 2002 | Posts: 7,604

I edited my first post. Apparently the security bug only affects calendar.php - you can download and upload an updated one from vB.com here:
http://www.vbulletin.com/forum/showp...33&postcount=3

#6 deathemperor, 01-08-2004, 01:17 PM
Join Date: Jul 2003 | Location: HOL | Posts: 1,270

Luckily I am using the latest Vb3 ^ ^

#7 VirusEJ, 01-16-2004, 07:02 PM
Join Date: May 2003 | Posts: 10

Does anyone know how to apply this upgrade if you are using vbportal? As part of the upgrade includes overwriting most files etc? which would mean I have to re-upload vbportal after?

Oh man I am so confused !!!!!

#8 Zachery, 01-16-2004, 07:41 PM
Join Date: Jul 2002 | Location: Ontario, Canada | Posts: 11,440

Quote:
Originally Posted by VirusEJ
Does anyone know how to apply this upgrade if you are using vbportal? As part of the upgrade includes overwriting most files etc? which would mean I have to re-upload vbportal after?

Oh man I am so confused !!!!!

I'd suggest asking on the vBportal forums, as it is a paid product, but I'd suggest NOT using vBportal.

#9 diettalk, 01-17-2004, 01:46 AM
Join Date: Jan 2002 | Location: Maryland | Posts: 109

You just need to overwrite the calendar.php file as instructed by vbulletin ... vbportal doesn't make any changes to that file.

Quote:
Originally Posted by VirusEJ
Does anyone know how to apply this upgrade if you are using vbportal? As part of the upgrade includes overwriting most files etc? which would mean I have to re-upload vbportal after?

Oh man I am so confused !!!!!