win32
MANAGING WIN NT/2K SYSTEMS

today

articles
howtos
tools
reference

gnu/linux
os x
win32

security
scripting

groupware

Subscribe to "win32" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.

© copyright 2002
by Marc Barrot.

Permalink
Thursday, April 18, 2002

PHP Security Revisited

Catching up on Martin Heller's PHP Revisited column on Byte.com, I've just realised I am responsible for a site with public Internet exposure and PHP 4.1.1 for Windows.

Oops, this is a serious mistake:

[27-Feb-2002] Due to a security issue found in all versions of PHP (including 3.x and 4.x), a new version of PHP has been released. Details about the security issue are available here. All users of PHP are strongly encouraged to either upgrade to PHP 4.1.2, or install the patch (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1).[PHP Security Update]
It doesn't take much digging into the advisory notice to realize these vulnerabilities in fileupload could allow an evil minded attacker to execute arbitrary code on a pre 4.2.2 PHP system.



10:14:10 AM  Permalink  comments:   Google It!  


April 2002
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        
Mar   May

last updated: 10/21/02; 12:59:33 AM.

Currently subscribed to:

 RSS link Curiouser and curiouser!
 RSS link Don W Strickland: RadioFAQ
 RSS link John Robb's Radio Weblog
 RSS link Jon's Radio
 RSS link klogs
 RSS link Linux Magazine
 RSS link Mac Net Journal
 RSS link Matt Mower: liveTopics
 RSS link New York Times: International
 RSS link O'Reilly Network Articles
 RSS link O'Reilly Safari
 RSS link Paolo Valdemarin: Paolo's Weblog
 RSS link Radio Free Blogistan
 RSS link radio-dev
 RSS link Radio.root Updates
 RSS link Sam Ruby
 RSS link Scripting News
 RSS link Simon Fell
 RSS link Slashdot
 RSS link The FuzzyBlog!
 RSS link TidBITS
 RSS link toolbox

Here's how this works.