[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Heads up: PHP exploit

From: David Talkington <dtalk prairienet org>
To: apache moongroup com, <redhat-list redhat com>
Subject: Heads up: PHP exploit
Date: Wed Feb 27 17:56:01 2002

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I don't normally trouble the list with security announcements, but 
this one hasn't even hit Bugtraq yet.  I got wind of it via 
departmental mail from someone who follows the snort-sigs list.

There is a PHP problem afoot which affects POST operations in all 
versions of PHP prior to 4.1.2.  Go here for details:

http://security.e-matters.de/advisories/012002.html

And here for the fix:

http://www.php.net

I've already patched my production boxes, but there's no help yet for 
rpm'ers, far as I know.  'file_uploads = Off' in php.ini, if you can't 
upgrade.

Hope this helps someone. -d

- -- 
David Talkington

PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
- --
http://setiathome.ssl.berkeley.edu/pale_blue_dot.html




-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

iQA/AwUBPH1jzL9BpdPKTBGtEQKPwwCg9b/HFq0tUpWkfeGhBuADBAoCmO8AoOWB
ft9p2JrQyKtGshUArpbLvYoc
=smE5
-----END PGP SIGNATURE-----

Follow-Ups:
- Ethernet help
  - From: redhat nextnet com
- Re: Heads up: PHP exploit
  - From: Ed Wilts

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]