[IPS] IP.Board 3.2.x, 3.3.x, and 3.4.x Critical Security Update

[Administrator]

Security Update: 3rd May 2013

A critical security issue has been reported to us which may allow unauthorized access to an administrator account.  We are releasing a security patch to address this issue. In the interest of allowing customers ample amount of time to apply the patch, we are not disclosing further details at this time.

Instructions

We are providing a patch for IP.Board versions 3.4, 3.3 and 3.2. If you are running a version less than 3.2 you should upgrade to get this and other security enhancements.

While IPS does not apply patches for you, patching is very easy:

• Identify the version of IP.Board you are running.
• Download and unzip the appropriate patch file below that matches your version.
• Upload the contents of the extracted zip folder to your IP.Board home directory
• If you have renamed your admin directory, then copy the files manually to the appropriate admin folder.

IP.Board 3.4.x

 3.4.zip   76.46K   761 downloads

IP.Board 3.3.x

 3.3.zip   70.88K   175 downloads

IP.Board 3.2.x

 3.2.zip   64.78K   98 downloads

 

 

Important Notes:

• When you apply the security update, the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release.
• Our main software packages accessed via the client area have already been updated with this security update.
• If you are an IPS Hosting client your community has been automatically patched. No further action is needed.
• As this is not a full upgrade but a simple upload a file and you're done patch, IPS staff will not apply this patch as part of our support services.

We would like to thank security researcher John JEAN for his responsible disclosure of this issue to us.  His information is as follows, and shared with permission:

• Author: John JEAN
• Twitter account: @johnjean
• Occupation: Security researcher
• Company: Wargan Solutions
• Company's website: http://www.wargan.com

View the full article