In association with heise online

14 June 2007, 11:19

Security vulnerability in YaBB forum software

Security services provider iDefense has reported a vulnerability in the Yet another Bulletin Board (YaBB) forum software. The scripts for registering a user and for changing a user's profile fail to validate some user-supplied fields correctly. As a result, an attacker can gain administrator access to a YaBB forum without a valid login and, for example, modify templates; through a modified template, commands can be issued that run with the web server's privileges.
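To illustrate the class of defect described above from the defender's side, here is an added example in Perl (YaBB's implementation language). It is not YaBB's code or its patch: it shows a profile-update handler that copies only an explicit allow-list of fields from the submitted form, validates each against a format rule, and never takes the privilege field from the client. The field names (`realname`, `email`, `signature`, `position`), the validation patterns and the sample record are all assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration, not YaBB code: a profile-update handler that accepts
# only allow-listed fields from the form and keeps the privilege level
# ("position", an assumed field name) entirely under server control.
use strict;
use warnings;

# Fields a logged-in member may change about themselves (assumed set).
my %ALLOWED = map { $_ => 1 } qw(realname email signature);

# Format rules for those fields (assumed formats, not YaBB's own rules).
my %RULE = (
    realname  => qr/^[\w .'-]{1,40}\z/,
    email     => qr/^[^\s@]+@[^\s@]+\.[^\s@]+\z/,
    signature => qr/^[^\r\n]{0,200}\z/,
);

# Takes the stored member record and the raw form parameters and returns a
# new record. Unknown fields are dropped, so a request that carries an extra
# position=Administrator parameter has no effect; a field with a malformed
# value aborts the whole update instead of being stored.
sub apply_profile_update {
    my ($member, $form) = @_;
    my %updated = %$member;
    for my $field (keys %$form) {
        next unless $ALLOWED{$field};    # silently discard non-allow-listed input
        my $value = $form->{$field};
        die "invalid value for $field\n" unless $value =~ $RULE{$field};
        $updated{$field} = $value;
    }
    return \%updated;
}

# Constructed sample: a member record and a form that tries to raise its
# own privilege level alongside a legitimate e-mail change.
my %member = (username => 'alice', position => 'Member', email => 'a@example.org');
my %form   = (email => 'alice@example.org', position => 'Administrator');

my $result = apply_profile_update(\%member, \%form);
print "$_=$result->{$_}\n" for sort keys %$result;
```

Run with `perl profile_update.pl`: the printed record carries the new e-mail address while `position` is still `Member`, because the handler never reads that key from the form. The same allow-list pattern applies to a registration script, where the privilege field should be set by the server to the lowest level regardless of what the client submits.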

The developers have not yet released a new version of the software, but have developed a patch. They recommend incorporating the patch into the YaBB source code using the BoardMod application and then overwriting the affected register.pl and profile.pl files on the server. Experienced users can also incorporate the patch by hand. Administrators should install the patch as soon as possible to avoid the risk of their forum being defaced or the web server being compromised.

(mba)
