Go Back   vb.org Archive > News and Announcements > News and Announcements
Reload this Page vBulletin 3.0.7 released
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 02-19-2005, 06:27 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default vBulletin 3.0.7 released
It is directed primarily as a security fix that apparently is caused by enabling debug comments in templates (something production sites should not do anyway). However, it also fixes a slew of other bugs, so as usual, you should always stay up to date.

More: http://www.vbulletin.com/forum/showthread.php?t=130591
Reply With Quote
  #2  
Old 02-19-2005, 06:28 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Indeed, https://vborg.vbsupport.ru/showthread.php?t=76641
Reply With Quote
  #3  
Old 02-19-2005, 06:30 PM
Deaths Deaths is offline
 
Join Date: Oct 2004
Location: Europe, Belgium
Posts: 679
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hmm, I'll have a look at it.

I'm just hoping it doesn't make any major changes to the files I use for my hack, as it's almost finished now ~~.

EDIT:
Yes, why not create an almost entirely new attachment.php, when that's one of the most time taking parts of my hack, and I was almost done with it -.-
Reply With Quote
  #4  
Old 02-19-2005, 08:49 PM
Geographic2 Geographic2 is offline
 
Join Date: Apr 2003
Location: On the map
Posts: 81
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Again? Yuk.

I had just gotten 3.0.6 almost working...
might as well start a fresh merge now...
Reply With Quote
  #5  
Old 02-19-2005, 09:29 PM
Merlin_ Merlin_ is offline
 
Join Date: Feb 2004
Location: Oregon
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
The exploit code says 3.0.5 and up are immune. Is that not right?
Reply With Quote
  #6  
Old 02-19-2005, 09:31 PM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Merlin_
The exploit code says 3.0.5 and up are immune. Is that not right?
No. Only 3.0.7 is immune but only if you have template name in HTML enabled in your Admin CP, which is off by default and which most sites won't have.
Reply With Quote
  #7  
Old 02-20-2005, 12:49 AM
AN-net's Avatar
AN-net AN-net is offline
 
Join Date: Dec 2003
Location: AnimationTalk.com
Posts: 2,367
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
what is exactly the problem with using the html comments, the posts do not mention what the hole is. if it can not be discussed publically can someone drop me a pm...
Reply With Quote
  #8  
Old 02-20-2005, 11:09 AM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It wouldn't be sensible to mention how it can be exploited in public. So before anyone tries ...
Reply With Quote
  #9  
Old 02-20-2005, 12:25 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Dean C
It wouldn't be sensible to mention how it can be exploited in public. So before anyone tries ...
While that may be partly true - people may pay more attention if the problem is actually known rather than some vague "there is an issue". I must admit that I'm struggling to understand how adding comments poses a security risk, I'm sure many others are as well, and people tend to ignore and dismiss something they can't see or understand.
Reply With Quote
  #10  
Old 02-20-2005, 12:44 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I understand that, but if we posted up how it can be exploted in public, then you'd have people going around exploiting people's sites. And there are LOTS of people who don't upgrade and apply patches
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:54 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04517 seconds
  • Memory Usage 2,268KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete