[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] PHP - Panicking for nothing?
- Subject: [cobalt-security] PHP - Panicking for nothing?
- From: "marcus miller" <cobalt_security_list@xxxxxxxxxxx>
- Date: Tue, 23 Jul 2002 08:57:58 +0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi all,
Regs the PHP thing, if im not mistaken most of us are running
a) php-4.1.2-2 ( from pkgmaster or cobalt )
b) php-4.1.2-3 ( from pkgmaster )
**** The latest vulnerability affects ****
1)
PHP versions 4.2.0 or 4.2.1
Overview
A vulnerability has been discovered in PHP. This vulnerability could
be used by a remote attacker to execute arbitrary code or crash PHP
and/or the web server.
- http://www.cert.org/advisories/CA-2002-21.html
**** The old vulnerability affects ****
2)
PHP v3.0.10-v3.0.18, v4.0.1-v4.1.1
Overview
We found several flaws in the way PHP handles multipart/form-data POST
requests.
Each of the flaws could allow an attacker to execute arbitrary code on the
victim's system.
- http://security.e-matters.de/advisories/012002.html
--------------------------------------------------------
Therefore, unless any of us have upgraded manually we are not at risk, or
any more than usual anyways!
( Help me out here, Im new to this but I have done my homework and I think
were ok? )
Tentatively
MJM
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com