XMB Forum Software
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author:

[Security] New Token System

miqrogroove
XMB 1.9.11 Lead Developer
*********


Avatar


Posts: 321
Registered: 10-1-2002
Location: Florida
Member Is Offline

Mood: Past Three O'Clock

[*] posted on 2-6-2011 at 09:37 PM
[Security] New Token System


Issue #434

Bug Source: XMB, all versions

Symptoms: None.

Security Impact: Medium

Discussion: Administrators could be tricked by third parties or spammers into running commands that are not confirmed by XMB. However, attackers would not be able to run such commands alone. This patch adds internal confirmation of all security-sensitive commands so that XMB will block unexpected activity.

Fixed By: XMB-1.9.11.12.zip and later are not affected.

Patch: Attachment: XMB-1.9.11-new-token-system.patch.txt (44kB)
This file has been downloaded 362 times
View user's profile Visit user's homepage View All Posts By User
miqrogroove
XMB 1.9.11 Lead Developer
*********


Avatar


Posts: 321
Registered: 10-1-2002
Location: Florida
Member Is Offline

Mood: Past Three O'Clock

[*] posted on 3-26-2011 at 05:40 PM
Patch Update


A file was missed in the first patch, so a second patch is needed now:

Attachment: XMB-1.9.11-r2540.diff (921B)
This file has been downloaded 154 times

View user's profile Visit user's homepage View All Posts By User

  Go To Top

Powered by XMB 1.9.11 (Debug Mode)
Forum Script Software by XMB © 2001-2019 The XMB Group
[Queries: 16] [PHP: 22.0% - SQL: 78.0%]
Funded with thanks to competitions website.