Mailinglist Archive: opensuse (1420 mails)

< Previous Next >
Re: [opensuse] Re: forums.opensuse.org down?
On Wednesday, January 08, 2014 02:22:28 AM Carlos E. R. wrote:
On 2014-01-08 02:12, John Andersen wrote:
The article, which may not be accurate, says OpenSuse was not running
the most current version of vBulletin. It might be fixed already
in later versions.

Not in the updated version. Most probably developer will need to review the
authetication and validation processes to move it away.

No, the page says: «Another important claim by the hacker that vBulletin
5.0.5 latest version is also vulnerable to his zero-day exploit and
there is no patch yet available to fix it.»

That's right. Nor the last update or upgrade are able to fix it. The core flaw
seems to be on vBulletin itself.

Since that point of view. There is a bad path to validate admin user or weak
path to handle authentication. So software will need better control points to
work among layers before grant access.


--
Ricardo Chung |
Member
openSUSE Projects
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >