vBulletin exploit

[Bozo]

vBulletin exploit in the wild

 

[Handruin]

Thanks Bozo. I'll get us updated soon.

 

[CougTek]

This is also very reassuring. Oh well, if it wasn't be vBulletin, it would be some other forum software that would be hacked. None is immune, apparently.

 

[Handruin]

This is also very reassuring. Oh well, if it wasn't be vBulletin, it would be some other forum software that would be hacked. None is immune, apparently.

Thanks. I got an email from vBulletin yesterday about it. There was no reassurance there either. It's true that none are immune to attacks and such. One possible benefit for the open source variants is that the code can be reviewed by numerous eyes to help look for a solution to the problem. We are stuck waiting on the vbulletin devs to help solve this. It's not clear to me if this is a vBulletin 3.x issue as reported with the macrumors case or if it has been verified that 4.x and 5.x are also vulnerable.

 

[CougTek]

Have they released a patch for this hole yet?

 

[Handruin]

Not that I know of. October 8th was the last announced security fix.

 

[Chewy509]

Speaking of vBulletin exploits, OpenSUSE forums (which run vBullentin 4.2.1 - the same as here) was broken into...

http://linux.slashdot.org/story/14/01/08/1656231/opensuse-forums-defaced-email-addresses-leaked

FYI

 

[Handruin]

Speaking of vBulletin exploits, OpenSUSE forums (which run vBullentin 4.2.1 - the same as here) was broken into...

http://linux.slashdot.org/story/14/01/08/1656231/opensuse-forums-defaced-email-addresses-leaked

FYI

There was a vbulletin security announcement monday regarding an issue. Maybe this breach is the result of that.