[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Unofficial PHP 4.1.2 PKG available
- Subject: Re: [cobalt-security] Unofficial PHP 4.1.2 PKG available
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 1 Mar 2002 22:01:50 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Andreas,
> I was urged to compile a new php 4.1.2. module to fix that security bug
> in earlier versions. I made a nice *.pkg file which everyone can get on
> ftp://ftp.cobalthosting.ch/pub/optional/RaQ3-PHP-4.1.2-1.pkg .
Your package is phoning home.
Beware, anyone: If you install this package, then an email is generated and
sent to a.petralli@xxxxxxxxxx and to register@xxxxxxxxxxxxx, including
detailed information about your server:
<<COBALT RECEPTOR>>
<<VENDOR VENDOR_NAME = <Cobalthosting.ch, Arpanet AG Switzerland> >>
<<VENDOR PRODUCT_NAME = <PHP 4.1.2 PKG> >>
<<VENDOR PRODUCT_VERSION = <1.0> >>
<<VENDOR PRODUCT_VARIANT = <full version> >>
<<VENDOR MULTI_SITE = [true] >>
<<VENDOR EVENT_TYPE = [install] >>
<<VENDOR MY_CUSTOM_TAG = my custom value >>
<<COBALT REGISTER_VERSION = 1.1.1 >>
<<COBALT INSTALL_DATE = 3/1/2002 21:57:42 >>
<<COBALT INSTALL_ZONE = Europe >>
<<COBALT INSTALL_HOUR = 21 >>
<<COBALT INSTALL_MINUTES = 57 >>
<<COBALT INSTALL_MONTH = 3 >>
<<COBALT INSTALL_DAY = 1 >>
<<COBALT INSTALL_YEAR = 2002 >>
<<COBALT HOSTNAME = XXX.XXX.XXX >>
<<COBALT ADMIN_EMAIL = admin@xxxxxxxxxxx >>
<<COBALT CPU = 298.807 >>
<<COBALT CPU_MODEL = AMD-K6(tm) 3D processor >>
<<COBALT MEMORY = 387336 kB >>
<<COBALT HARD_DISK_CONFIG = hda1(743466/) hda3(198601/var) hda4(8579124/home)
>>
<<COBALT RELEASE = release 5.0 (Pacifica) >>
<<COBALT BUILD = build 3.148 for a 3000R in English >>
<<COBALT KERNEL_RELEASE = 2.4.17 >>
<<COBALT KERNEL_VERSION = #1 Fri Feb 1 10:52:03 EST 2002 >>
<<COBALT IP_ADDR = XXX.XXX.XXX.XXX >>
<<COBALT MAC_ADDR = 00:10:XX:XX:XX:XX >>
<<COBALT /RECEPTOR>>
It's nothing malicious and an officially implemented method in the PKG
package standard. However, it's rarely used.
So install at your own risk, indeed! :o/
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer