Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP Security & Exploit

Posted by Hemos on Wednesday February 27, 2002 @06:45AM from the fixing-it dept.

Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the export only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday), latest version of php. This patch makes a small edition to the part of the source code (rfc1867.c) that is used by the exploit."

1 of 28 comments (clear)

Min score:

Reason:

Sort:

all versions previous to 4.1.2 are at risk by chrismcc@netus.com · 2002-02-27 07:29 · Score: 3, Informative

All versions previous to 4.1.2 (today's release) are at risk

http://www.php.net/
http://security.e-matters.d e/advisories/012002.htm l

The bug report is here:
http://bugs.php.net/bug.php?id=15736

it recomends turning off file uploads as a work around

--
Christopher McCrory "The guy that keeps the servers running" chrismcc@gmail.com http://www.pricegrabber.com