YaBB SE Community  |  General Category  |  Feedback  |  does se have this 'hole'?
Author Topic: does se have this 'hole'?  (Read 735 times)
Overseer
Sr. Member
****
Posts: 455


does se have this 'hole'?
« on: November 12, 2002, 09:57:22 AM »

Quote:
As you may know after today's forum closure, a vulnerability was recently discovered in YaBB.  A group of malicious users took advantage of this vulnerability and defaced the forum on this site.  They also used the mailer function in YaBB and slowed the server down tremendously.
 
We believe we have fixed the problems on this forum.  Data should be restored, the malicious users removed, and the security hole closed.  We will be keeping our eyes out, however.
 
It has come to our attention that this group and others are defacing a lot of YaBB forums and possibly forums by other companies/organizations, as this vulnerability may very well exist in a lot of similar software.
 

more here

http://www.yabbforum.com/community/?board=general;action=display;num=1037070452


1) is my board at risk?
2) has this been fixed?

i found the security fixes in the bugs forum... but they're 'use at your own risk' etc etc

I learned that from the G's, a G is an Overseer, the Overseer sees.
More than you do 'cause he gets experienced - Snoop on Daz's OG

Supreme exalted, universal leader, Descendent of the kings and queens, the Overseer
The overlord, cream of the crop, creme de la creme - Gang Starr  Royalty
Chris Cromer
The Strange One
Mod Team
YaBB God
*****
Posts: 3152


I am just a figment of your imagination.

Re:does se have this 'hole'?
« Reply #1 on: November 12, 2002, 10:29:01 AM »

Nope only the perl version has that security hole.

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
Overseer
Sr. Member
****
Posts: 455


Re:does se have this 'hole'?
« Reply #2 on: November 12, 2002, 10:33:53 AM »

ok thanks.

the mail xnull sent out to all its users (it's my host) said SE might (note: not is) be affected so i thought i ought to check.
« Last Edit: November 12, 2002, 10:35:41 AM by Overseer »

Compuart
Quality, Quality, Quality!
YaBB God
*****
Posts: 1283


Re:does se have this 'hole'?
« Reply #3 on: November 12, 2002, 10:36:50 AM »

Although we are still conducting tests, the vulnerability found in YaBB 1 Gold - SP1 does not appear to be in YaBB SE. YaBB SE only uses POST-variables for storage of forms.

Of course, we will keep looking for any possible security threats.