[REDHAT] Heads up: PHP exploit (fwd)
Bryan Strawser
feanor at gondolin.org
Sat Mar 2 21:54:19 EST 2002
This came out from CERT yesterday.. It was in the linux-focus mailing
lists on securityfocus on Thursday or so, I think...
The upgrade solves the problems...
Bryan
-----Original Message-----
From: discuss-admin at blu.org [mailto:discuss-admin at blu.org] On Behalf Of
David Kramer
Sent: Saturday, March 02, 2002 20:41
To: BLU Boston Linux Unix group
Subject: [REDHAT] Heads up: PHP exploit (fwd)
-------------------------------------------------------------------
DDDD David Kramer http://thekramers.net
DK KD "That venture capitalists are willing to take any level of DKK D
risk, even a modest one, after all that has happened in the DK KD
ecommerce sector, is inspiring. They might almost be
DDDD capable of becoming Red Sox fans" -Keith Regan
---------- Forwarded message ----------
this one hasn't even hit Bugtraq yet. I got wind of it via
departmental mail from someone who follows the snort-sigs list.
There is a PHP problem afoot which affects POST operations in all
versions of PHP prior to 4.1.2. Go here for details:
http://security.e-matters.de/advisories/012002.html
And here for the fix:
http://www.php.net
I've already patched my production boxes, but there's no help yet for
rpm'ers, far as I know. 'file_uploads = Off' in php.ini, if you can't
upgrade.
Hope this helps someone. -d
--
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://www.blu.org/mailman/listinfo/discuss
More information about the Discuss
mailing list