[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] PHP - Panicking for nothing?

Subject: [cobalt-security] PHP - Panicking for nothing?
From: "marcus miller" <cobalt_security_list@xxxxxxxxxxx>
Date: Tue, 23 Jul 2002 08:57:58 +0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi all,

Regs the PHP thing, if im not mistaken most of us are running

a) php-4.1.2-2 ( from pkgmaster or cobalt )
b) php-4.1.2-3 ( from pkgmaster )

**** The latest vulnerability affects ****

1)
PHP versions 4.2.0 or 4.2.1

Overview

A  vulnerability  has been discovered in PHP. This vulnerability could
be  used  by  a remote attacker to execute arbitrary code or crash PHP
and/or the web server.

- http://www.cert.org/advisories/CA-2002-21.html


**** The old vulnerability affects ****

2)
PHP v3.0.10-v3.0.18, v4.0.1-v4.1.1

Overview

We found several flaws in the way PHP handles multipart/form-data POSTrequests.Each of the flaws could allow an attacker to execute arbitrary code on thevictim's system.


- http://security.e-matters.de/advisories/012002.html

--------------------------------------------------------

Therefore, unless any of us have upgraded manually we are not at risk, orany more than usual anyways!

( Help me out here, Im new to this but I have done my homework and I thinkwere ok? )


Tentatively

MJM

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

Follow-Ups:
- Re: [cobalt-security] PHP - Panicking for nothing?
  - From: Jan Wildeboer

Prev by Date: [cobalt-security] DENY ZoneTransfers to Non Approved Servers
Next by Date: Re: [cobalt-security] DENY ZoneTransfers to Non Approved Servers
Previous by thread: [cobalt-security] SYN attacks killing me! Please HELP!
Next by thread: Re: [cobalt-security] PHP - Panicking for nothing?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index