[Security Fix] Possible SQL Injection in privmsg.php


Postby Acyd Burn » Sun Mar 28, 2004 6:11 pm

This time we were not notified about this security bug by the "founder" before he posted it to bugtraq.

The bug can allow attackers to obtain password hashes; all existing users of phpBB 2.0.x should make the change specified below. It is highly recommended.

We have now updated all archives (for 2.0.8, named 2.0.8a) as made available on the download page here. Therefore all new installations and upgrades will be immune.

To fix this flaw, please open privmsg.php in any text editor and follow the instructions below:

FIND - Line 215:
Code:
         $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "


REPLACE WITH:
Code:
         $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "


The difference between the two lines is the deleted dot after $pm_sql_user.

Save and if necessary upload the changed file to your webserver replacing your existing version.

For those wanting a patch file, here it is:
Code:
diff -C2 -r1.96.2.34 -r1.96.2.35
*** privmsg.php   18 Mar 2004 18:16:21 -0000   1.96.2.34
--- privmsg.php   28 Mar 2004 16:38:51 -0000   1.96.2.35
***************
*** 213,217 ****
        case 'savebox':
           $l_box_name = $lang['Savebox'];
!          $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
                 AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
              OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
--- 213,217 ----
        case 'savebox':
           $l_box_name = $lang['Savebox'];
!          $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
                 AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
              OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
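Review bot: the `!` line in the `savebox` case used `.=`, so the Savebox clause was appended to whatever `$pm_sql_user` already held when control reached this `case`, and nothing in the hunk initializes that variable beforehand, which is how unrelated content could end up inside the query. Switching to `=` makes the clause self-contained, which is the right fix; suggest also confirming that the other `case` branches of this `switch` assign rather than append, and adding an explicit `$pm_sql_user = '';` before the `switch` so that no branch depends on the variable's prior state.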
