[REDHAT] Heads up: PHP exploit (fwd)
David Kramer
david at thekramers.net
Sat Mar 2 20:41:21 EST 2002
-------------------------------------------------------------------
DDDD David Kramer http://thekramers.net
DK KD "That venture capitalists are willing to take any level of
DKK D risk, even a modest one, after all that has happened in the
DK KD ecommerce sector, is inspiring. They might almost be
DDDD capable of becoming Red Sox fans" -Keith Regan
---------- Forwarded message ----------
this one hasn't even hit Bugtraq yet. I got wind of it via
departmental mail from someone who follows the snort-sigs list.
There is a PHP problem afoot which affects POST operations in all
versions of PHP prior to 4.1.2. Go here for details:
http://security.e-matters.de/advisories/012002.html
And here for the fix:
http://www.php.net
I've already patched my production boxes, but there's no help yet for
rpm'ers, far as I know. 'file_uploads = Off' in php.ini, if you can't
upgrade.
Hope this helps someone. -d
--
More information about the Discuss
mailing list