DTO vBulletin Product Support

#1  01-23-2012, 02:51 PM
Mark, Administrator (Join Date: Nov 2008; Posts: 1,079)
*vBSEO Security Bulletin* All Supported Versions: Patch Release

Dear Customers and Friends,

An exploit has come to our attention that necessitates the release of a Patch for all currently supported versions, including
  • vBSEO 3.6.0
  • vBSEO 3.5.2
  • vBSEO 3.5.1 (including PL release)
  • vBSEO 3.5.0
Versions below 3.5.0 are no longer supported and have met end of life. If you are running 3.5.0 or lower, it is highly suggested that you upgrade to a newer build immediately.

All of the above install packages in the downloads area have been updated should you wish to re-install the entire product. Version numbers have not changed, and there will be no "PL" designation with this update.
Otherwise, the simple fix is to edit the file
Code:
/vbseo/includes/functions_vbseocp_abstract.php
Find:
PHP Code:
public static function proc_deutf($ptxt, $tocharset)
{
    $ptxt = preg_replace('#\'([^\']*)(\'\s*\=\>)#mie', '"\'".(($_s = iconv("UTF-8", \''.$tocharset.'\', "$1")) ? $_s : "$1").stripslashes(\'$2\')', $ptxt);
    return $ptxt;
}

Replace with:
PHP Code:
public static function proc_deutf($ptxt, $tocharset)
{
    $ptxt = preg_replace('#\'([^\']*)(\'\s*\=\>)#mie', '"\'".(($_s = iconv("UTF-8", \''.$tocharset.'\', \'$1\')) ? $_s : \'$1\').stripslashes(\'$2\')', $ptxt);
    return $ptxt;
}

Or, you can simply overwrite the entire file by uploading the one from the new download to your site.


Please take immediate action to protect your sites.

IMPORTANT
It has been reported that some sites have had random plugins show up in their plugin list in the vB adminCP. Please take the time to go through your plugin list. If you do see anything that doesn't look familiar, it may be wise to disable that plugin while troubleshooting further. Most reports have been tied to the global_complete hook under the core 'vBulletin' product, but may also be elsewhere. We are unsure of any implications or ramifications that may have resulted, as an infinite amount of code or text may have been injected. However, what we have seen appears to be a link-stealer for outbound traffic and doesn't necessarily expose any information or passwords of your site. It is always a good idea to update your FTP, server, vB admin, vbseocp, and even any htaccess passwords on your server as a precaution.


If you find any more information about the issue, please do bring it to our attention ASAP so it can be addressed.


If you have any questions, please feel free to open up a ticket or thread and we will be glad to assist further.



Thank you,

The vBSEO Team


Posted on vBSEO.com
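The plugin-list review the bulletin asks for can be partly automated. The following Python helper is an added example, not code from the vBSEO team or from this post: it takes rows shaped like vBulletin's plugin table (title, hookname, product, phpcode; the column names are assumed and every sample row here is constructed) and lists the ones a reviewer should look at by hand, using the bulletin's own lead (plugins on global_complete under the core vBulletin product) together with common obfuscation and output-rewriting indicators.

```python
import re

# Code-level indicators frequently present in injected plugin code.
# A match is a reason to review the row by hand, not proof of compromise.
CODE_INDICATORS = [
    ("eval()", re.compile(r"\beval\s*\(")),
    ("base64_decode()", re.compile(r"\bbase64_decode\s*\(")),
    ("gzinflate()/gzuncompress()", re.compile(r"\bgz(inflate|uncompress)\s*\(")),
    ("str_rot13()", re.compile(r"\bstr_rot13\s*\(")),
    ("create_function()", re.compile(r"\bcreate_function\s*\(")),
    ("absolute URL in code", re.compile(r"https?://", re.I)),
    # The bulletin describes a link-stealer for outbound traffic; in a plugin
    # that means editing $output (the assembled page HTML) in place.
    ("rewrites $output", re.compile(r"\$output\s*=\s*(str_replace|preg_replace)\s*\(")),
]

# Constructed sample rows shaped like vBulletin's `plugin` table; not real data.
SAMPLE_PLUGINS = [
    {"title": "Example product hook", "hookname": "global_start", "product": "example",
     "active": 1, "phpcode": "$vbulletin->options['example_setting'] = 1;"},
    {"title": "", "hookname": "global_complete", "product": "vbulletin",
     "active": 1, "phpcode": "eval(base64_decode('PLACEHOLDER_BLOB'));"},
    {"title": "Cache cleanup", "hookname": "global_complete", "product": "vbulletin",
     "active": 1, "phpcode": "$output = str_replace('href=\"http://', "
                            "'href=\"http://redirector.example/?u=http://', $output);"},
]


def triage(plugins):
    """Return [(title, [reasons])] for rows that merit manual review; clean rows are omitted."""
    findings = []
    for row in plugins:
        reasons = []
        # The bulletin says most rogue plugins sat on global_complete under
        # the core 'vBulletin' product, so that combination is always reviewed.
        if row["hookname"] == "global_complete" and row["product"].lower() == "vbulletin":
            reasons.append("global_complete hook under the core vBulletin product")
        if not row["title"].strip():
            reasons.append("empty title")
        reasons += [label for label, rx in CODE_INDICATORS if rx.search(row["phpcode"])]
        if reasons:
            findings.append((row["title"] or "<untitled>", reasons))
    return findings


if __name__ == "__main__":
    for title, reasons in triage(SAMPLE_PLUGINS):
        print(f"REVIEW {title!r}: {', '.join(reasons)}")
```

Feed it the rows exported from your own plugin table and disable anything it flags while you inspect the phpcode, as the bulletin advises.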