Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0090 vBulletin has released a security patch to address a vulnerability in versions 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2. 28 July 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: vBulletin Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Cross-site Request Forgery -- Remote with User Interaction Resolution: Patch/Upgrade Member content until: Wednesday, August 27 2014 OVERVIEW vBulletin has released a security patch to address a vulnerability in versions 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2. IMPACT The vendor has provided the following details regarding these vulnerabilities: "The patch resolves a potential Cross-Site Forgery Request in the authorization system." [1] MITIGATION The vendor has stated that these issues have been corrected in versions 5.1.2 PL2, 5.1.1 PL2, 5.1.0 PL3, 5.0.5 PL4, 5.0.4 PL5, 5.0.3 PL4, 5.0.2 PL5, 5.0.1 PL4 and 5.0.0 PL4. [1] REFERENCES [1] Security Patch Release for vBulletin 5 Connect, Versions 5.0.0 through 5.1.2 http://www.vbulletin.org/forum/showthread.php?p=2507866#post2507866 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU9XLPxLndAQH1ShLAQLAjQ/+M8X1WaducLnKoqd5abmU9mEnymbh5aLn HJHn58kW+iXdyhWrp+Bxn+0cYoktU4ScG9RsL5/fQq/FS92YAoWZ4aMybprgDq2l KXV7MJwE56yiqyrFVBnxvZt+7aNR7wG1XTKJQCa64ORgPKz7MAiH94DcKTK9CpIC KoW/FE8dOHlwscU1jZsrUDlr2r7Z8X45yK9pn42oGqh26tk/+Meb29OijoW5Ms5R J7r2TriJp4pxj0xdJDXVIjnxMBRaomToGjGvR2IYYAUObzegCxxpHhQGa8aaouIM Hqy/RRY5SGc09gZnCJ4VEZy3e3/YVfJFp5P4RUYgxHWXEW0t1TE+NC8Ol3uBzxnd j6wBAJQAXr7GeQI6F4IX6UFgpQGxkQh3n8wPhJgX1oT0qwa0tO0sU92HIB1tJGkz fCNERyKOmCbt/7E+zLfeyy01PUo8qzCb8Q5HDxMmqG2S5WYelwLSkaEF/REHVDbr 7aMIpvk9t9gSYW1M8nH+Dr61Rm2Dhv08Rj7jRFrFFZiHLappQWwK8JLWqUSkaF4C CwZtfQ58O/c7gbxcFPdJw6dKZX2RJlc56WnEUqlO2fVQwItMr8jCVmpqsbGVqPIX ze4PfiHGUwvxqeyxBvMwXCBjIib8EUrDOEILIuyxAEGvoL0k19Z5rFoXpBYaXMO8 g4N9qObY8/8= =zkJi -----END PGP SIGNATURE-----