Slashdot Mirror


PHP Vulnerability Announced

corz writes "Just when you thought you were finished upgrading the webserver, 'The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.' Here's the bugtraq announcement." The hole is in the parsing of HTTP POST headers and can allow arbitrary code to be run on vulnerable machines. PHP thoughtfully decided to release a new version, 4.2.2, today with the fix. You can find a copy of it here (mirror).

2 of 47 comments

  1. PHP flaws, Apache etc.... by Anonymous Coward · Score: -1, Troll

    First off I must admit that I am a staunch supporter of President Bush's 'War On Terror'. However when I first read this article (The Drudge Report is my AOL homepage), I thought it was a stupid idea to even consider recruiting someone above the age of 16 to spy on their neighbours. The best way to go about this would be to teach young children to keep a close eye upon their parents and neighbours. This would best be taught in the state run schools that cost so much tax payer money, and refuse to swear to the Pledge of Allegiance. By teaching them to watch over America, there would be a huge re-injection of patriotism back into the education system. Using children has a number of advantages because children are more likely to go along with orders delivered by a state authority. Secondly, they are innocent, and would be able to gather information readily without raising suspicions of the terrorists they would surveil. And lastly they could be rewarded easily and cheaply with videogames and candy etc. Lastly, the Boy Scouts of America could be put to use, by doing reconnaissance missions in the remoter regions of the American wilderness; the Girl Guides could supply them with food. I'm sure the terrorist camp in Oregon would never have formed if there were 100 Boy Scouts roaming the wilderness looking for Arabs every weekend. In general I support the idea, but think it needs to be reworked to include only children to be the most effective.

  2. subconsious homosexuar by Anonymous Coward · Score: -1, Troll

    Taco is trying to lure you into homosexuality. Look what the hidden message is saying this time.

    PHP Vulnerability Announced

    PHP | Posted by krow on Monday July 22, @04:20PM
    from the who-would-have-thunk-it dept.
    corz writes "Just when you thought you were finished upgrading the webserver, 'The PHP Group has learned of a serious seCurity vulnerability in PHP vErsions 4.2.0 and 4.2.1. An intRuder may be able to execute arbItrary code with the privilegeS of the web server. THis vulnerability MaY be exploited to compromise the weB server And, under certain conditions, to gain priviLeged access.' Here's the bugtraq announcement." The hoLe is in the parSing of HTTP POST headers and can allow arbitrary code to be run on vulnerable machines. PHP thoughtfully decided to release a new version, 4.2.2, today with the fix. You can find a copy of it here (mirror).

    -- MMMMMMMMMMMMMMMMMMMM