-
March 5th, 2002, 08:19 PM
#1
Multiple Vulnerabilities in PHP fileupload
Hi y'all...back from a couple days away....
full info at:
http://www.cert.org/advisories/CA-2002-05.html
Systems Affected
Web servers running PHP
Overview
Multiple vulnerabilities exist in the PHP scripting language. These vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the PHP process.
I. Description
PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the php_mime_split function may allow an intruder to execute arbitrary code with the privileges of the web server. For additional details, see
http://security.e-matters.de/advisories/012002.html
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 5th, 2002, 08:27 PM
#2
It seems as though, we both thought it was important.
http://www.antionline.com/showthread...hreadid=220635
-
March 5th, 2002, 08:35 PM
#3
PHP Problems are widespread, and not really new info, but very informativ.....
Nice post....
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
-
March 6th, 2002, 01:19 AM
#4
actually these ARE new exploits..(since last wednesday anyways....and they are just a wee bit scary.....
Story Link
"...Netcraft released its monthly survey of Web sites, indicating that nearly 8.4 million sites were hosted by servers that use a vulnerable version of PHP. One million of those sites are vulnerable to attack, the survey said.
Based on that data alone, the PHP flaws could be as dangerous as the indexing server ISAPI filter flaw in Microsoft's Internet Information Server that made the Code Red worm possible, said Marc Maiffret, chief hacking officer for network protection company eEye Digital Security"
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|