Several security flaws in ubb.threads discovered
Wednesday, April 20th, 2005During a security audit of ubb.threads I discovered several potential security issues in the software.
Infopop is now aware of the problem but their time schedule for a new release is rather unspecific.
All they said is that it will take several weeks…
As the security flaws can be used to compromise your server, gain admin rights etc. I came up with modification that should protect you from possible attacks.
I encourage all owners of ubb.threads to install this modifcation. Currently this modification works for ubb.threads 6.3.x and 6.5.x.
Please not that all versions of ubb.threads are vulnerable!
Feel free to contact me if you have questions about this modification or need a working version for ubb.threads 6.4.x.