Security Advisory – Live Help v4.0

Live Help Server software v4.0 Revision 9 has been released to address a security concern within the Live Chat software. We recommend that all customers upgrade to this release immediately. There is no reason to believe that the vulnerabilities are known to the public, due to this only limited information regarding the vulnerabilities will be released at this time. Theses security issues were identified by Vlad C. of NetSec Interactive Solutions http://www.safeornot.net.

Customers that are running a version prior to Live Help v4.0 such as the v3.x releases can upgrade as per the regular upgrade instructions at http://livehelp.stardevelop.com/kb/19/ Once upgraded to the v4.0 you should check the following files are deleted in step three of the instructions below.

If you are already running Live Help v4.0 Rev 1 through 8 then you can simply complete the upgrade as shown below:

Live Help v4.0 Rev. 9 Upgrade Instructions

• Backup your existing /livehelp installation folder
• Re-upload the /livehelp/ folder. Do not re-upload the /livehelp/include/database.php file or the /livehelp/install/ folder as that will overwrite your database configuration and the installation folder isn’t needed for this update.
• Delete any *.php files within the /livehelp/scripts/ folder. Those are legacy files and shouldn’t be left on the server.

Once sufficient time has passed to allow customers to update to the above release we will update the CHANGELOG.TXT with additional details regarding the nature of the vulnerabilities.

Please do not hesitate to contact us via. email or Live Chat if you require assistance with updating your Live Help installation.