vBulletin Vulnerability

Kodeking · 01-07-2005, 02:35 PM

I don't think anyone posted this here yet, but I want to get the word out before something like the PHPBB worm starts up here. I just got this email from Jelsoft:

Quote:

JELSOFT SECURITY BULLETIN
http://www.vbulletin.com/
January 7th, 2005

This email contains important security-related information.
Please read it carefully.

* vBulletin 3.0.4 / 3.0.5 Released
* Important Warning About Sensitive Data
* Security Issues in PHP 4.3.9, 5.0.2 & Older
* Your License Information
* Contact Us

------------ VBULLETIN 3.0.4 / 3.0.5 RELEASED ------------

The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole. This is a CRITICAL update, and we urge all customers running affected software to upgrade vBulletin with the utmost urgency.

vBulletin 3.0.5 includes all the updates recently released as part of vBulletin 3.0.4, including a long list of fixes for minor annoyances and bugs found since version 3.0.3.

vBulletin 3.0.5 is available for immediate download from the vBulletin Members' Area.
http://www.vbulletin.com/members/

If you are unable to upgrade immediately, you should at least download the patched version of includes/init.php from the release announcement thread and replace your existing version with it.

Please read the announcement for upgrade and installation instructions, as well as the list of bugs fixed and other
changes:

http://www.vbulletin.com/forum/showthread.php?t=125480

--------- IMPORTANT WARNING ABOUT SENSITIVE DATA ---------

Due to the nature of the vulnerability discovered in vBulletin 3, and as part of our ongoing effort to maximize security, we must assume that one or all of the vBulletin servers may have been compromised.

Therefore, we would STRONGLY RECOMMEND that any customers who may have submitted sensitive data; such as vBulletin admin control panel or server login details, to Jelsoft staff in the past should take steps to alter these details, so that any information that may have been accessed by an unauthorized party could not be used.

We would like to reassure our customers that Jelsoft keeps NO RECORD of credit card numbers used in transactions, making it impossible for these details to be discovered or abused.

Additionally, steps have been taken and are ongoing to ensure that any potentially leaked data does not contain sensitive data.

------ SECURITY ISSUES IN PHP 4.3.9, 5.0.2 & OLDER -------

The PHP development team recently released PHP 4.3.10 and
5.0.3 in order to patch serious security issues in previous versions.

With the emergence of malicious code such as the Santy/NeverEverNoSanity worms, which are responsible for defacing and damaging a large number of sites, we join with the PHP team in advising all customers running PHP versions older than 4.3.10 or 5.0.3 to upgrade as soon as possible to one of the patched versions.

RJ · 01-07-2005, 03:28 PM

thanks Jason. Just made the init changes here on NP.

ZuraX · 01-07-2005, 03:29 PM

Yeah thing is I have well over 10 hacks on my board. This sucks big time.

Guess I have to start adding the hacks all over again.

Scott · 01-07-2005, 03:57 PM

Thanks for the reminder. I just took the leap and upgraded PP although the forum is built into the game, or game built into the forum, whatever. Luckily the game works fine, just need to readd all my hacks to the forums.

ZuraX · 01-07-2005, 04:12 PM

How did you do it? Just save a back up of the mysql and upgrade then reinstall the hacks?

ServeTraffic · 01-07-2005, 08:16 PM

Just updated mine, woowee! Thank goodness for updates.

CoolGuy · 01-07-2005, 08:35 PM

Hackers are really getting bored. now man! They need to stop trying to spoil a great thing. If any are found I suggest serious punishment.

ServeTraffic · 01-07-2005, 09:54 PM

I agree, they have no direction in life, and they fear us this is why they do it.

{insert name here} · 01-07-2005, 10:27 PM

I've personaly never understood why hackers feel the need to ruin and destroy others work. And I have never understood the need for someone to have the urge to write a viruse.

Scott · 01-08-2005, 03:00 AM

Originally Posted by ZuraX

How did you do it? Just save a back up of the mysql and upgrade then reinstall the hacks?

cp -R vb vb-backup in SSH and then did the upgrade. Didn't care too much about backing up MySQL, I live on the edge. I haven't reinstalled the hacks yet.

ZuraX · 01-08-2005, 01:38 PM

Just read over at VB .com that theres a BIG update coming. This will suck, do this upgrade and reinstall the hacks, then in a month or two do it all again...

Scott · 01-08-2005, 04:30 PM

Originally Posted by ZuraX

Just read over at VB .com that theres a BIG update coming. This will suck, do this upgrade and reinstall the hacks, then in a month or two do it all again...

Yup

But that's life I guess

CoolGuy · 01-08-2005, 09:36 PM

I never really add too many mods, makes life easier.

ZuraX · 01-08-2005, 09:41 PM

Yes but MODS help bring in users most of the time...

CoolGuy · 01-08-2005, 09:56 PM

You need a few mods, forums with too many mods, load slowly and just look complicated. A few good mods are all you need.

RJ · 01-19-2005, 02:47 AM

There's another security upgrade, now the current version is 3.0.6. I just completed the upgrade, and so far so good.

01-07-2005, 03:28 PM	#2 (permalink)
RJ NamePros Webmaster Join Date: Feb 2003 Posts: 12,930 Follow @DomainBuyer	thanks Jason. Just made the init changes here on NP. __________________ @DomainBuyer facebook

01-07-2005, 03:29 PM	#3 (permalink)
ZuraX Senior Member Join Date: Apr 2003 Location: Pennsylvania USA Posts: 2,683	Yeah thing is I have well over 10 hacks on my board. This sucks big time. Guess I have to start adding the hacks all over again. __________________ Been a NP member for 5 or more years? PM me to join the Social Group!

01-07-2005, 04:12 PM	#5 (permalink)
ZuraX Senior Member Join Date: Apr 2003 Location: Pennsylvania USA Posts: 2,683	How did you do it? Just save a back up of the mysql and upgrade then reinstall the hacks? __________________ Been a NP member for 5 or more years? PM me to join the Social Group!

01-07-2005, 08:16 PM	#6 (permalink)
ServeTraffic NamePros Member Join Date: Jul 2004 Location: U.S.A.----- Ohio Posts: 117	Just updated mine, woowee! Thank goodness for updates. __________________ ServeTraffic.Com Make money with your traffic, Join our publisher network click here to find out more.

01-07-2005, 08:35 PM	#7 (permalink)
CoolGuy Senior Member Join Date: Jan 2004 Posts: 1,505	Hackers are really getting bored. now man! They need to stop trying to spoil a great thing. If any are found I suggest serious punishment. __________________ Social Blurpalicious Directory Submissions World Internet Discovery Forums International & Local Political Blog Domain for sale: salesold.com (expires April 2009)

01-07-2005, 03:57 PM	#4 (permalink)
Scott Senior Member Join Date: Jun 2003 Location: UK Posts: 3,547	Thanks for the reminder. I just took the leap and upgraded PP although the forum is built into the game, or game built into the forum, whatever. Luckily the game works fine, just need to readd all my hacks to the forums.

01-07-2005, 09:54 PM	#8 (permalink)
ServeTraffic NamePros Member Join Date: Jul 2004 Location: U.S.A.----- Ohio Posts: 117	I agree, they have no direction in life, and they fear us this is why they do it. __________________ ServeTraffic.Com Make money with your traffic, Join our publisher network click here to find out more.

01-07-2005, 10:27 PM	#9 (permalink)
{insert name here} Senior Member Join Date: Dec 2004 Posts: 1,304	I've personaly never understood why hackers feel the need to ruin and destroy others work. And I have never understood the need for someone to have the urge to write a viruse.

01-08-2005, 01:38 PM	#11 (permalink)
ZuraX Senior Member Join Date: Apr 2003 Location: Pennsylvania USA Posts: 2,683	Just read over at VB .com that theres a BIG update coming. This will suck, do this upgrade and reinstall the hacks, then in a month or two do it all again... __________________ Been a NP member for 5 or more years? PM me to join the Social Group!

01-08-2005, 09:36 PM	#13 (permalink)
CoolGuy Senior Member Join Date: Jan 2004 Posts: 1,505	I never really add too many mods, makes life easier. __________________ Social Blurpalicious Directory Submissions World Internet Discovery Forums International & Local Political Blog Domain for sale: salesold.com (expires April 2009)

01-08-2005, 09:41 PM	#14 (permalink)
ZuraX Senior Member Join Date: Apr 2003 Location: Pennsylvania USA Posts: 2,683	Yes but MODS help bring in users most of the time... __________________ Been a NP member for 5 or more years? PM me to join the Social Group!

01-08-2005, 09:56 PM	#15 (permalink)
CoolGuy Senior Member Join Date: Jan 2004 Posts: 1,505	You need a few mods, forums with too many mods, load slowly and just look complicated. A few good mods are all you need. __________________ Social Blurpalicious Directory Submissions World Internet Discovery Forums International & Local Political Blog Domain for sale: salesold.com (expires April 2009)

01-19-2005, 02:47 AM	#16 (permalink)
RJ NamePros Webmaster Join Date: Feb 2003 Posts: 12,930 Follow @DomainBuyer	There's another security upgrade, now the current version is 3.0.6. I just completed the upgrade, and so far so good. __________________ @DomainBuyer facebook

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)