vBulletin 3 보안 경고 2005/01/07 18:25

vBulletin 3.0.5 Released

Critical Update

The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole.

The vulnerability affects anyone running vBulletin 3 on PHP 4 with register_globals enabled in php.ini.

This is a CRITICAL update, and urge all affected customers to upgrade vBulletin with the utmost urgency.

vBulletin 3.0.5 includes all the updates recently released as part of vBulletin 3.0.4, including a long list of fixes for minor annoyances and bugs found since version 3.0.3.

Security Issues in PHP 4.3.9, 5.0.2 and Older

As we have mentioned before, a security issue was detected in PHP versions up to and including 4.3.9 and 5.0.2. Updated versions have been released by the PHP team.

The internet is currently crawling with worms hunting for vulnerable servers, with many sites having fallen foul of these bugs already. We would therefore remind our customers to upgrade to the latest versions of PHP as soon as possible.

The updated PHP versions, which fix the vulnerability are:
PHP 4.3.10
PHP 5.0.3