Is SMF 1.1 RC1 Vulnerable ?

AtariKid · helmikuu 18, 2008, 04:43:18 IP

It appears that someone used the 146 (Northwich) Air Cadets' website to hack into a board I frequent. Details are here and are pretty interesting. The forum is currently using SMF 1.1 RC1. Help in overcoming it's vulnerability is appreciated. I think these hackers will happen this again.

Tony Reid · helmikuu 18, 2008, 04:44:43 IP

You need to upgrade to 1.1.4 as soon as possible.

AtariKid · helmikuu 18, 2008, 05:03:20 IP

Thanks. I'll let them know.

Is 1.1.4 the latest SMF?

shadow82x · helmikuu 18, 2008, 05:05:05 IP

Lainaus käyttäjältä: AtariKid - helmikuu 18, 2008, 05:03:20 IP
Thanks. I'll let them know.

Is 1.1.4 the latest SMF?

Yes. There have been many security fixes between the versions.

Grudge · helmikuu 18, 2008, 05:10:28 IP

Not many - but one is more than enough to warrant an upgrade

AtariKid · helmikuu 18, 2008, 07:16:32 IP

Lainaus käyttäjältä: shadow82x - helmikuu 18, 2008, 05:05:05 IP
Lainaus käyttäjältä: AtariKid - helmikuu 18, 2008, 05:03:20 IP
Is 1.1.4 the latest SMF?
Yes. There have been many security fixes between the versions.

No go on the upgrade. Since the board is on rc1, he's gone with the larger upgrade (choice b) and tried zip, and tar.gz, and tar.bz2 package. Both times he's gotten: The package you tried to upload either is not a valid package or has become corrupted.

Any advice?

shadow82x · helmikuu 18, 2008, 07:40:25 IP

Is he uploading the upgrade files in FTP? He cant use the SMF package manager, he must import the upgrade files than run http://forums.com/upgrade.php.

AtariKid · helmikuu 19, 2008, 12:44:52 AP

Not sure, but will send him the message. Thanks!

Bigguy · helmikuu 19, 2008, 12:56:17 AP

This might also help:

Upgrade SMF

Simple Machines Community Forum

Uutiset:

Is SMF 1.1 RC1 Vulnerable ?

AtariKid

Tony Reid

AtariKid

shadow82x

Grudge

AtariKid

shadow82x

AtariKid

Bigguy