XMB Forum Software

[Security] New Token System

miqrogroove - 2-6-2011 at 09:37 PM

Issue #434

Bug Source: XMB, all versions

Symptoms: None.

Security Impact: Medium

Discussion: Administrators could be tricked by third parties or spammers into running commands that are not confirmed by XMB. However, attackers would not be able to run such commands alone. This patch adds internal confirmation of all security-sensitive commands so that XMB will block unexpected activity.

Fixed By: XMB-1.9.11.12.zip and later are not affected.

Patch: Attachment: XMB-1.9.11-new-token-system.patch.txt (44kB)

Patch Update

miqrogroove - 3-26-2011 at 05:40 PM

A file was missed in the first patch, so a second patch is needed now:

Attachment: XMB-1.9.11-r2540.diff (921B)