[1.7.0] Exploit found in lib/phpbb.php

Official announcements concerning bugs and fixes in the WoWRoster package
Posting is restricted to Forum Moderators

[1.7.0] Exploit found in lib/phpbb.php

Postby zanix » Mon Jul 17, 2006 10:36 am

I have just been notified that there is a servere bug in this file
lib/phpbb.php

Please delete this file from your servers untill a fix can be found!
Last edited by zanix on Sun Oct 22, 2006 12:20 pm, edited 1 time in total.
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

Exploit found in lib/phpbb.php

Postby zanix » Mon Jul 17, 2006 10:45 am

The bug has been identified as a remote inclusion attack
With this bug, it is possible for someone to gain access to the server roster is installed on

This file will be updated in rosterdiag, and available for download via our downloads area when it is fixed


In the meantime, please remove this file from your server
If you have configured roster to use phpbb auth, you will have to disable it when you remove this file
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

Exploit found in lib/phpbb.php

Postby zanix » Mon Jul 17, 2006 11:14 am

A fix has been posted in WowRoster > Patched Files in the downloads area
http://www.wowroster.net/Downloads/details/id=33.html

You can also get this update via RosterDiag
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US


Return to Official Bugs & Updates

Who is online

Users browsing this forum: No registered users and 0 guests

cron