Critical update - v6.00.305
Posted by Falk on 03/12/2006
As I promised a few days ago, I have received the required information to release a fix to close the vulnerability responsible for last week's security breach. Due to the nature of this exploit I am not able to disclose the exact details, only that it involves avatar files. The problem is fixed in this update. Credit for this discovery goes to the International Flooders Federation (IFF). I would like to thank Slash and his group for their full co-operation.
Existing v6.00.304 users can download the file '6.00.305 update for v6.00.304'. If you are using an earlier 6.00.3 version, ensure you upgrade to v6.00.304 before applying this update. Simply upload the included files and click upgrade under System Admin. The Sourceforge packages have also been updated as usual. Click Read more for manual update details.
Download PHPFusion 6.00.305 Update for v6.00.304 (5Kb).
Extended News
For those of you who prefer to update manually, you need to edit 2 files, update_profile_include.php and updateuser.php, as follows.
includes/update_profile_include.php
Replace lines 79 through 83:
$size = getimagesize(IMAGES."avatars/".$avatarname);
if ($size['0'] > 100 || $size['1'] > 100) {
  unlink(IMAGES."avatars/".$avatarname);
  $set_avatar = "";
}
With:
if ($size = @getimagesize(IMAGES."avatars/".$avatarname)) {
  if ($size['0'] > 100 || $size['1'] > 100) {
    unlink(IMAGES."avatars/".$avatarname);
    $set_avatar = "";
  }
} else {
  unlink(IMAGES."avatars/".$avatarname);
  $set_avatar = "";
}
administration/updateuser.php
Replace lines 88 through 92:
$size = getimagesize(IMAGES."avatars/".$avatarname);
if ($size['0'] > 100 || $size['1'] > 100) {
  unlink(IMAGES."avatars/".$avatarname);
  $set_avatar = "";
}
With:
if ($size = @getimagesize(IMAGES."avatars/".$avatarname)) {
  if ($size['0'] > 100 || $size['1'] > 100) {
    unlink(IMAGES."avatars/".$avatarname);
    $set_avatar = "";
  }
} else {
  unlink(IMAGES."avatars/".$avatarname);
  $set_avatar = "";
}
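
The behavioural difference between the two versions of the check above, shown as an added example that is not PHP-Fusion code: it runs both on three constructed files and reports which ones survive. The function names, the MAX_DIM constant and the sample files are hypothetical, and building the samples assumes the GD extension is available.

```php
<?php
// Added example; not PHP-Fusion code. Names and sample files are constructed.

const MAX_DIM = 100; // same 100x100 limit as in the patched files

// Logic before 6.00.305: only the dimensions are compared.
function avatar_kept_old(string $path): bool {
    $size = @getimagesize($path);              // false when the file is not an image
    $w = is_array($size) ? $size[0] : null;    // indexing false yields null
    $h = is_array($size) ? $size[1] : null;
    if ($w > MAX_DIM || $h > MAX_DIM) {        // null > 100 is false, so no cleanup
        unlink($path);
        return false;
    }
    return true;
}

// Logic from 6.00.305: a failed getimagesize() also removes the file.
function avatar_kept_new(string $path): bool {
    if ($size = @getimagesize($path)) {
        if ($size[0] > MAX_DIM || $size[1] > MAX_DIM) {
            unlink($path);
            return false;
        }
        return true;
    }
    unlink($path);
    return false;
}

// Constructed samples: a 64x64 PNG, a 200x200 PNG and a text file named .png.
function make_samples(string $dir): array {
    $files = [];
    foreach (['small' => 64, 'large' => 200] as $name => $px) {
        $files[$name] = "$dir/$name.png";
        imagepng(imagecreatetruecolor($px, $px), $files[$name]);
    }
    $files['not_image'] = "$dir/notes.png";
    file_put_contents($files['not_image'], "plain text, not image data\n");
    return $files;
}

foreach (['avatar_kept_old', 'avatar_kept_new'] as $check) {
    $dir = sys_get_temp_dir() . '/avatar_demo_' . uniqid();
    mkdir($dir);
    foreach (make_samples($dir) as $name => $path) {
        printf("%-16s %-10s %s\n", $check, $name, $check($path) ? 'kept' : 'deleted');
        if (file_exists($path)) unlink($path);
    }
    rmdir($dir);
}
```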