Мне пришло письмо из Jelsoft(так как я обладатель лицензии булки): -------- JELSOFT SECURITY BULLETIN http://www.vbulletin.com/ 1st March 2007 * New vBulletin Versions Released: 3.5.8 and 3.6.5 * Additional Notes For vBulletin 3.6.5 * Your License Information * Contact Us ---- NEW VBULLETIN VERSIONS RELEASED: 3.5.8 AND 3.6.5 ---- An exploit was recently reported which affects vBulletin versions 3.5.x and 3.6.x. Although the report is inaccurate and the published exploit does not work as claimed unless a highly unlikely set of circumstances exist, it has highlighted a potential security issue in these vBulletin versions. Therefore, we have decided to release updated versions, these being vBulletin 3.5.8 and 3.6.5. We recommend that all customers running vBulletin 3.5.x or 3.6.x upgrade to the appropriate version or apply the supplied patch as soon as possible. It is worth noting that in order to exploit the problem highlighted by the report, the attacking user must satisfy the following conditions: * Must already have moderator privileges * Must share the same IP address as an existing administrator who is currently logged in to the Admin Control Panel * Must know the Alt-IP and user agent (exact browser identification) of the administrator OR must know the license number of the site being attacked Given these requirements, the privilege escalation exploit claimed by the report is almost impossible to achieve. We have posted instructions on the vBulletin.com announcements forum detailing procedures to upgrade or patch each affected version. Please follow the relevant links below. Upgrade information and patch for 3.6.* series http://www.vbulletin.com/go/365 Upgrade information and patch for 3.5.* series http://www.vbulletin.com/go/358 ---------- ADDITIONAL NOTES FOR VBULLETIN 3.6.5 ----------- As well as fixing the security flaw described above, version 3.6.5 also contains fixes for a number of minor bugs affecting Safari cookies, IE7 compatibility, infractions and recent FreeBSD PHP installations. Details of the bugs fixed can be found via the URL listed above. Please also note that the original intention for vBulletin 3.6.5 had been to include a number of other bug fixes and improvements that have been reported since 3.6.4. Unfortunately, the necessity of bringing out a version quickly to fix the exploit has meant that many of these fixes have not had sufficient time to be fully tested to the extent that we would like and have therefore been kept back for vBulletin 3.6.6. We understand that this may be frustrating to our customers, and in order to minimize the inconvenience caused by this update, we have ensured that this vBulletin 3.6.5 release contains no template or phrase changes, which will hopefully make upgrading as painless as possible. ---------------- YOUR LICENSE INFORMATION ---------------- You can use this information to log into the members' area to download vBulletin, ImpEx and other vBulletin-related support materials: Your Customer Number: J46810B3E863 If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form: http://www.vbulletin.com/go/lostpw The members' area is located here: http://members.vbulletin.com/ -------------------- CONTACT US -------------------------- Please do not respond to this email directly. We will not receive your response. Please use the links below. Got a vBulletin technical query? Contact support: http://www.vbulletin.com/go/techsupport For all other queries, please visit this page: http://www.vbulletin.com/go/contact ---------------------------------------------------------- This periodic email newsletter is delivered to all current vBulletin customers, and contains information about new software versions and Jelsoft.com / vBulletin.com web site features and content. If you have any questions or comments about this mailing, please contact us via the links above. This email sent to: [email protected] Copyright ©2000-2006, Jelsoft Enterprises Limited -------------- Интересно, правда?
нет блин они взяли и пошутили. Или ты хотел сказать что это "интересно"? Имхо, не интереснее чем релиз 3,5.7, 6, и 5
Ну блин там написано эксплоит есть на эти версии=) они аж две темы на форуме создали!) читаем vbnetru
ну написано, значит есть. В паблике его не видно судя по всему - не удивительно. У ВБ обычно сначало патчи выходят а потом инфа в паблике появляется. Можно патч посмотреть и узнать что там изменено. оттуда и копать.
ReanimatoR я бы поковырял, но сейчас не до того ей богу. так то я думаю патчик можно на вб.нет.ру найти.
файл inlinemod.php Было это: Code: case 'domergethreads': $vbulletin->input->clean_array_gpc('p', array( 'threadids' => TYPE_STR, )); $threadids = explode(',', $vbulletin->GPC['threadids']); foreach ($threadids AS $index => $threadid) { if (intval($threadid) == 0) { unset($threadids["$index"]); } else { $threadids["$index"] = intval($threadid); } } if (empty($threadids)) { eval(standard_error(fetch_error('you_did_not_select_any_valid_threads'))); } if (count($threadids) > $threadlimit) { eval(standard_error(fetch_error('you_are_limited_to_working_with_x_threads', $threadlimit))); } break; Стало это: Code: case 'domergethreads': $vbulletin->input->clean_array_gpc('p', array( 'threadids' => TYPE_STR, )); $threadids = explode(',', $vbulletin->GPC['threadids']); foreach ($threadids AS $index => $threadid) { if ($threadids["$index"] != intval($threadid)) { unset($threadids["$index"]); } } if (empty($threadids)) { eval(standard_error(fetch_error('you_did_not_select_any_valid_threads'))); } if (count($threadids) > $threadlimit) { eval(standard_error(fetch_error('you_are_limited_to_working_with_x_threads', $threadlimit))); } break;
а не. там еще одна функция изменена. Code: case 'docopyposts': $vbulletin->input->clean_array_gpc('p', array( 'postids' => TYPE_STR, )); $postids = explode(',', $vbulletin->GPC['postids']); foreach ($postids AS $index => $postid) { if (intval($postid) == 0) { unset($postids["$index"]); } else { $postids["$index"] = intval($postid); } } if (empty($postids)) { eval(standard_error(fetch_error('no_applicable_posts_selected'))); } if (count($postids) > $postlimit) { eval(standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit))); } break; на эту: Code: case 'docopyposts': $vbulletin->input->clean_array_gpc('p', array( 'postids' => TYPE_STR, )); $postids = explode(',', $vbulletin->GPC['postids']); foreach ($postids AS $index => $postid) { if ($postids["$index"] != intval($postid)) { unset($postids["$index"]); } } if (empty($postids)) { eval(standard_error(fetch_error('no_applicable_posts_selected'))); } if (count($postids) > $postlimit) { eval(standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit))); } break;
