security
SITE SECURITY ISSUES



Subscribe to "security" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.

© copyright 2002
by Marc Barrot.

Permalink
Thursday, April 18, 2002

PHP Security Revisited

Catching up on Martin Heller's PHP Revisited column on Byte.com, I've just realised I am responsible for a site with public Internet exposure and PHP 4.1.1 for Windows.

Oops, this is a serious mistake:

[27-Feb-2002] Due to a security issue found in all versions of PHP (including 3.x and 4.x), a new version of PHP has been released. Details about the security issue are available here. All users of PHP are strongly encouraged to either upgrade to PHP 4.1.2, or install the patch (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1).[PHP Security Update]
It doesn't take much digging into the advisory notice to realize these vulnerabilities in fileupload could allow an evil minded attacker to execute arbitrary code on a pre 4.2.2 PHP system.



10:14:10 AM  Permalink  comments:   Google It!  


April 2002
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        
Mar   Jun

last updated: 10/21/02; 12:46:37 AM.