Results 1 to 4 of 4

Thread: End of the road? - 4.2.2 PL4 apparently breaks vBA access process

  1. #1
    Join Date
    Nov 2005
    Posts
    23

    Default End of the road? - 4.2.2 PL4 apparently breaks vBA access process

    Playing with it for a few hours this afternoon. There is a security patch, to update 4.2.2 to patch level 4. I uploaded the files for the patch, and then realized that the portal page was broken, with an "access denied" error. I made sure that vBadvanced was fully up to date with 4.3, and it still showed same error. I uninstalled vBA, and downrev'd vBulletin to 4.2.2. Re-installed vBA 4.3, and everything worked fine. I slowly added the patch components to bring vBulletin 4.2.2 up to PL4, and the "access denied" error came back immediately.

    PL4 release notes say that it fixes some access security issues, and there does seems to be some type of conflict. Not looking forward to it, but it seems I am going to need to migrate off of vBadvanced CMPS for at least my 4.X forums.

    Shot in the dark, has anyone else out there been able to keep the 4.X tree all the way up to date and still use vBA CMPS successfully?

  2. #2

    Default

    I'm up to date... through PL3. If PL4 breaks vBa I am not patching - consequences be damned.

  3. #3
    Join Date
    May 2008
    Posts
    3

    Default

    according to their VBULLETIN ANNOUNCEMENTS section fo the forum, this is the story with the patch:


    Security Exploit found in vBulletin 4
    Thu 8th Jan '15, 8:08pm
    A security issue has been reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 to account for this vulnerability. The issue may allow attackers to perform CSRF exploits via the Moderator Control Panel. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to that version as soon as possible.

    You can download the patch for your version here: http://members.vbulletin.com/patches.php

    To install the patch, download the appropriate files for your version of vBulletin 4 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.

    If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.

    Patches available:
    vBulletin 4.2.2 PL 4

    vBulletin 4.2.3. Beta has been updated with the fix.
    if you didnt want to do the patch, you could just change the name of the folders for CP and adminCP to something far removed from the defaults - this would be a start.. it's difficult to attempt a CSRF if you cannot actually see the login to the cpanels..

    also: 4.2.3 is lurking in the background, man, i really dislike this so-called 'progress' - so much bloat, so many useless features.. WHAT HAPPEND?

  4. #4
    Join Date
    Mar 2011
    Location
    Ledyard, CT
    Posts
    4

    Default

    Did you backup the VBA files ie: index.php then restore them after the vBulletin upgrade? I just ran into that myself. I just uploaded the vba index.php and all is fine.
    Owner
    Veteran Soldier Computer Repair & Web Design http://www.vetsols.com
    TNG Web Hosting http://www.tngwebhost.com
    Veteran Soldier Radio http://www.veteransoldierradio.co
    The Cheat Police http://www.thecheatpolice.com
    Veteran Soldiers [VS] http://www.v-squad.com

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Income Boulevard | Your Road To Online Success
    By FightRice in forum Show off your vBadvanced!
    Replies: 0
    Last Post: 07-31-2008, 11:43 PM
  2. Which upgrade process is best???
    By AZ_Astro in forum Troubleshooting & Problems
    Replies: 6
    Last Post: 11-28-2006, 05:54 PM
  3. Happy Birthday xtremeoff-road
    By SomeName in forum Chit Chat
    Replies: 0
    Last Post: 09-08-2005, 02:42 AM
  4. texas road rage
    By TRR in forum Show off your vBadvanced!
    Replies: 0
    Last Post: 02-11-2005, 08:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •