phpBB worm

Locked
User avatar
J-0080
Joined: Thu May 01, 2003 7:37 pm
Location: Mid-West Side Laying On: Fangirls
Org Profile

phpBB worm

Post by J-0080 » Tue Dec 21, 2004 7:12 pm

http://news.zdnet.com/2100-1009_22-5499725.html

So is the .ORG using an older, vulnerable form of phpBB software?
paizuri wrote:There's also no need for introductions because we're generally a friendly bunch and will welcome you with wide open arms anyway.
Top
User avatar
Kalium
Sir Bugsalot
Joined: Fri Oct 03, 2003 11:17 pm
Location: Plymouth, Michigan
Org Profile

Post by Kalium » Tue Dec 21, 2004 7:36 pm

It's actually a vulnerability in PHP itself, not in PHPbb.
Top
User avatar
Zarxrax
Joined: Sun Apr 01, 2001 6:37 pm
Contact:
Contact Zarxrax
Org Profile

Post by Zarxrax » Tue Dec 21, 2004 7:52 pm

Derobert said we are all up to date.
Top
User avatar
Lyrs
Joined: Thu Aug 29, 2002 2:41 pm
Location: Internet Donation: 5814 Posts
Org Profile

Post by Lyrs » Wed Dec 22, 2004 6:07 pm

Powered by phpBB 2.0.11 © 2001, 2002 phpBB Group
The exploit has been fixed in v2.0.11. Check out a little site called www.phpbb.com for more information. ^^
GeneshaSeal - Dead Seals for Free
Orgasm - It's a Science
Top
User avatar
Kalium
Sir Bugsalot
Joined: Fri Oct 03, 2003 11:17 pm
Location: Plymouth, Michigan
Org Profile

Post by Kalium » Wed Dec 22, 2004 6:14 pm

Oy, read carefully: it's a problem in PHP proper, not phpBB.
Top
User avatar
Lyrs
Joined: Thu Aug 29, 2002 2:41 pm
Location: Internet Donation: 5814 Posts
Org Profile

Post by Lyrs » Wed Dec 22, 2004 6:20 pm

Indeed, but this is a phpBB board that runs on php. v2.0.11 will prevent the execution of the crack in the phpcode.
GeneshaSeal - Dead Seals for Free
Orgasm - It's a Science
Top
User avatar
Lyrs
Joined: Thu Aug 29, 2002 2:41 pm
Location: Internet Donation: 5814 Posts
Org Profile

Post by Lyrs » Wed Dec 22, 2004 6:24 pm

Lyrs wrote:Indeed, but this is a phpBB board that runs on php. v2.0.11 will prevent the execution of the crack in the phpcode.
A_Jelly_Doughnut wrote:psoTFX is referring to a seperate, but serious,vulnerability in PHP itself. The one through which this worm spreads is in phpBB
Link
GeneshaSeal - Dead Seals for Free
Orgasm - It's a Science
Top
trythil
is
Joined: Tue Jul 23, 2002 5:54 am
Status: N͋̀͒̆ͣ͋ͤ̍ͮ͌ͭ̔̊͒ͧ̿
Location: N????????????????
Org Profile

Post by trythil » Wed Dec 22, 2004 8:03 pm

Lyrs wrote:Indeed, but this is a phpBB board that runs on php. v2.0.11 will prevent the execution of the crack in the phpcode.
Wrong. I can exploit the security hole with any other PHP application.

The important thing to fix is PHP itself, NOT phpBB -- although having both updated is also good.

As stated previously, though, the site is immune to this particular vulnerability.
Top
trythil
is
Joined: Tue Jul 23, 2002 5:54 am
Status: N͋̀͒̆ͣ͋ͤ̍ͮ͌ͭ̔̊͒ͧ̿
Location: N????????????????
Org Profile

Post by trythil » Wed Dec 22, 2004 8:04 pm

trythil wrote:
Lyrs wrote:Indeed, but this is a phpBB board that runs on php. v2.0.11 will prevent the execution of the crack in the phpcode.
Wrong. I can exploit the security hole with any other PHP application.
"Any other", I suppose, is misleading, at least from a standpoint of quantitative logic. "Other" is better.
Top
User avatar
Lyrs
Joined: Thu Aug 29, 2002 2:41 pm
Location: Internet Donation: 5814 Posts
Org Profile

Post by Lyrs » Wed Dec 22, 2004 8:12 pm

But does that mean you can't exploit the security hole in phpBB v2.0.11?
GeneshaSeal - Dead Seals for Free
Orgasm - It's a Science
Top
Locked

Return to “Site Help & Feedback”