Multiple Vulnerabilities in PHP fileupload

[zigar]

Hi y'all...back from a couple days away....

full info at:

http://www.cert.org/advisories/CA-2002-05.html


Systems Affected
Web servers running PHP
Overview
Multiple vulnerabilities exist in the PHP scripting language. These vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the PHP process.

I. Description
PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the php_mime_split function may allow an intruder to execute arbitrary code with the privileges of the web server. For additional details, see

http://security.e-matters.de/advisories/012002.html

[gstudios]

It seems as though, we both thought it was important.

http://www.antionline.com/showthread...hreadid=220635

[Noia]

PHP Problems are widespread, and not really new info, but very informativ.....
Nice post....

- Noia

[zigar]

and not really new info

actually these ARE new exploits..(since last wednesday anyways....and they are just a wee bit scary.....

Story Link



"...Netcraft released its monthly survey of Web sites, indicating that nearly 8.4 million sites were hosted by servers that use a vulnerable version of PHP. One million of those sites are vulnerable to attack, the survey said.

Based on that data alone, the PHP flaws could be as dangerous as the indexing server ISAPI filter flaw in Microsoft's Internet Information Server that made the Code Red worm possible, said Marc Maiffret, chief hacking officer for network protection company eEye Digital Security"