August 11, 2008 @ 9:27 PM
Security Update
Earlier today, I was informed of one SQL injection security hole that used a similar method to the previous vulnerabilities. The vulnerability was not made public before this patch was released.
I must thank Matt from http://mozor.net/ for informing me of this security hole and also the one from April 12th. He has been extremely helpful and reported this security hole to me first before making it public.
Affects: 1.0-rc9.3 and below (The development version of 2.0 also has this flaw but that will be fixed shortly.)
Severity: Critical
Details:
A flaw in includes/functions.php allows an attacker to inject SQL into an SQL statement. SQL injection can allow for password hashes (not actual passwords) to be stolen and other security breaches to occur. This flaw has a very similar cause to the ones addressed by our previous security fixes, but we have eliminated the bug in the filter instead of plugging each vulnerability as it was reported.
How to patch:
The best way to patch this is to download a copy of IceBB 1.0-rc10 from SourceForge.net. This release contains only this fix with no other bug fixes or features. If you download this release, you will not need to apply any previous patches. You do not need to run the upgrade script, as no database changes have been made; just replace your files.
If you do not wish to upgrade at the current time, you may download the patched functions.php and replace your includes/functions.php with it. Note that you should also apply the previous security fixes if you have not done so already, even though this fix should take care of them as well.
[ Attachment: functions.php ]