*vBSEO Security Bulletin* All Supported Versions: Patch Release

Dear Customers and Friends,

An exploit has come to our attention that necessitates the release of a Patch for all currently supported versions, including

• vBSEO 3.6.0
• vBSEO 3.5.2
• vBSEO 3.5.1 (including PL release)
• vBSEO 3.5.0

Versions below 3.5.0 are no longer supported and have met end of life. If you are running 3.5.0 or lower, it is highly suggested that you upgrade to a newer build immediately.

All of the above install packages in the downloads area have been updated should you wish to re-install the entire product. Version numbers have not changed, and there will be no "PL" designation with this update.

Run Testing Utility | Download Patched vBSEO Now

Otherwise, the simple fix is to edit the file

Code:

/vbseo/includes/functions_vbseocp_abstract.php

Find:

PHP Code:

public static function proc_deutf($ptxt, $tocharset)
{
$ptxt = preg_replace('#\'([^\']*)(\'\s*\=\>)#mie', '"\'".(($_s = iconv("UTF-8", \''.$tocharset.'\', "$1")) ? $_s : "$1").stripslashes(\'$2\')', $ptxt);
return $ptxt;
} 


Replace with:

PHP Code:

public static function proc_deutf($ptxt, $tocharset)
{
$ptxt = preg_replace('#\'([^\']*)(\'\s*\=\>)#mie', '"\'".(($_s =  iconv("UTF-8", \''.$tocharset.'\', \'$1\')) ? $_s :  \'$1\').stripslashes(\'$2\')', $ptxt);
return $ptxt;
} 


Or, you can simply over-write the entire file from the new download up to your site.


Please take immediate action to protect your sites.

IMPORTANT
It has been reported that some sites have had random plugins show up in their plugin list in the vB adminCP. Please take the time to go through your plugin list. If you do see anything that doesn't look familiar, it may be wise to disable that plugin while troubleshooting further. Most reports have been tied to the global_complete hook under the core 'vBulletin' product, but may also be elsewhere. We are unsure of any implications or ramifications that may have resulted, as an infinite of code or text may have been injected. However, what we have seen appears to be a link-stealer for outbound traffic and doesn't necessarily expose any information or passwords of your site. It is always a good idea to update your ftp, server, vb admin, vbseocp, and even any htaccess passwords on your server as a precaution.


If you find any more information about the issue, please do bring it to our attention ASAP so it can be addressed. If you have any questions, please feel free to open up a ticket or thread and we will be glad to assist further.


From the FAQ's ---> I was hit, how do I fix it?
Go through your plugin list. If you do see anything that doesn't look familiar, it may be wise to disable that plugin while troubleshooting further. Most reports have been tied to the global_complete hook under the core 'vBulletin' product, but may also be elsewhere.

Testing Utility
To help in seeking suspect plugins, we have created a small utility that verifies the source code of all your plugins and datastore for known patterns of malicious plugins that have been reported:

1. If your install is clean, the tool simply displays an "OK".
2. If a suspect plugin is identified, a link to edit/disable it in admincp is displayed.

Installation Instructions:

1. Download the attached file (vbseo_checkplugins.zip), unzip and upload it to the root of your forums directory.
2. Visit www.yoursite.com/[forum-directory-name]/vbseo_checkplugins.php
3. Review your results as described in the 'Testing Utility' section above.

NOTE: If you identify a rogue plugin not detected by the current testing utility, please report it via our ticket system or create a new thread in the troubleshooting forum titled "Undetected rogue plugin" so that we can update the utility ASAP.

Thanks for your cooperation.

vbseo_checkplugins3.zip (v3)

Thank you,

The vBSEO Team

Done,

Thanks

Thanks for the heads up.

thanks Brian ...

Originally Posted by Devile

Thanks for the heads up.

Ditto,
I'll contact my clients

Thanks for the update on facebook, I don't think I would of seen it otherwise.

cheers,.

Notifications have gone out via this thread, emails to license holders, facebook fan page, and the vbseo twitter page, and Wayne Luke posted it on vb.com too. If there's anything else left to post to, let us know

grazie

Thanks!

I assume I could just download the updated package and replace the '

functions_vbseocp_abstract.php' file, instead of manually editing that file. Am I right?

Thanks a lot

Thanks for the update, done!

The code in that function already looked like the content of "Replace with" on my forum with vBSEO 3.6.0, so what exactly was changed in 3.6.0?

Originally Posted by faquick

I assume I could just download the updated package and replace the '

functions_vbseocp_abstract.php' file, instead of manually editing that file. Am I right?

Hello Fabrizio,

As long as you haven't customized the functions_vbseocp_abstract.php file for your own needs, you are free to apply the patch in that way

thank you going to update now (I didn't customize anything)