Hello all, I recently read on the O'reilly network about a vulnerability in php's mail() function which allows the user to gain shell access under the web server user account. Apparently the code that uses the mail() function needs to strip out certain characters that allow this exploit to work.

I wanted to see if vBulletin is vulnerable or not. Here is the article

http://linux.oreillynet.com/pub/a/linux/2001/07/09/insecurities.html

Thanks for any information.

(I am running 2.01)

Its not really an exploit for vB, its only a problem if your a host. You don't obtain shell access via the vBulletin, you only get access if you make a hostile script and upload it.

Sorry if I'm not clear on my explanation...

We don't allow you to pass parameters to the mail function only data that is checked and not allowed to pose a security risk.

I host a vb forum on my site (http://www.tribes2maps.com) ... are you saying I would be vulnerable, or no? I am a bit confused. My interpretation of this exploit is that shell characters could be put in the subject line, or from, or to header, or something, that would cause shell commands to be executed when the mail() function call was made.

Great, thanks wluke!

Just so you know. We have had vBulletin checked by White Crown Security Services (www.whitecrown.net) to make sure that you are safe when you run the application.