
PHP Security & Exploit 28

Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the exploit only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday) latest version of PHP. This patch makes a small edit to the part of the source code (rfc1867.c) that is used by the exploit."
  • <?php
    if ($system != 'patched') {
        $file_uploads = 'Danger, Will Robinson!';
    }
    ?>
  • by chrismcc@netus.com ( 24157 ) <chrismccNO@SPAMgmail.com> on Wednesday February 27, 2002 @03:29PM (#3079308) Homepage
    All versions previous to 4.1.2 (today's release) are at risk

    http://www.php.net/
    http://security.e-matters.de/advisories/012002.html

    The bug report is here:
    http://bugs.php.net/bug.php?id=15736

    It recommends turning off file uploads as a workaround.
  • Bunch of mod_perl trolls slashdot is!
    http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=slashdot.org [netcraft.com]
    The site slashdot.org is running Apache/1.3.20 (Unix) mod_perl/1.25 mod_gzip/1.3.19.1a on Linux.
  • Now I like to install PHP from source personally, but most people I know that use PHP do so on a default redhat 7.2 rpm install, i.e. they are running ver 4.0.6.

    So my question is: Is there a way to patch the major distro versions (i.e. rh, suse, mandrake ...) from their default versions to the secure version?

    Because if there isn't, then there are still gonna be a lot of webservers out there running insecure versions of php. And, if there isn't a way, then why isn't there?
  • The important facts (Score:2, Informative)

    by Anonymous Coward
    This is a very high impact vulnerability; mod_php is the world's most popular Apache module, maybe the most popular web script language. (No flamewars intended, it IS popular among a lot of people whether you like it or not.)

    However, one line in the config should, according to php.net, disable the vulnerability:

    file_uploads = off

    (When tested phpinfo(); gives "no value" at my site)

    One file needs to be patched for all PHP versions, get the patch here :

    php.net/downloads.php [php.net]

    Patch like this:

    1. Enter ../src/php-4.0.x/main dir
    2. patch < pathtodiffile/rfc1867.c.diff-4.0.6
    3. build either the DSO module or build apache with static php

    The "full" advisory is here :

    security.e-matters.de [e-matters.de]

    now, PATCH!
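
Added example, not part of the thread and not PHP's own tooling: a shell check that combines the two conditions the comments above describe, a release older than 4.1.2 and whether `file_uploads` is switched off in php.ini. The function names and the sample php.ini are constructed for illustration, and only a single php.ini file is inspected.

```shell
# Added example (not from the thread): function names and sample file are constructed.
FIXED_VERSION="4.1.2"   # first fixed release, per the comments above

# Print "on" or "off" for the effective file_uploads value in a php.ini file.
# A missing directive counts as "on" (PHP enables uploads by default);
# if the directive is repeated, the last occurrence is used (assumption).
uploads_enabled() {
    awk '
        BEGIN { state = "on" }
        {
            line = $0
            sub(/;.*$/, "", line)                 # strip ini comments
            n = index(line, "=")
            if (n == 0) next                      # section headers, blank lines
            key = tolower(substr(line, 1, n - 1))
            val = tolower(substr(line, n + 1))
            gsub(/[ \t\r"]/, "", key); gsub(/[ \t\r"]/, "", val)
            if (key != "file_uploads") next
            if (val == "" || val == "0" || val == "off" || val == "no" || val == "false" || val == "none")
                state = "off"
            else
                state = "on"
        }
        END { print state }
    ' "$1"
}

# Succeed when dotted version $1 is strictly older than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# audit VERSION INI_FILE: print a one-line verdict.
audit() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "OK: PHP $1 is not older than $FIXED_VERSION"
    elif [ "$(uploads_enabled "$2")" = "off" ]; then
        echo "MITIGATED: PHP $1 is older than $FIXED_VERSION but file_uploads is off"
    else
        echo "EXPOSED: PHP $1 with file_uploads enabled"
    fi
}

# Constructed sample: a php.ini with a commented-out "Off" and an active "On".
sample=$(mktemp)
printf '[PHP]\n; file_uploads = Off\nfile_uploads = On ; default\n' > "$sample"
audit 4.0.6 "$sample"
rm -f "$sample"
```

The version test cannot tell whether the rfc1867.c diff was applied to an older source tree, so a verdict on a hand-patched build has to be confirmed against how that build was produced.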
  • For those having problems getting the patch, mirrors are here:
    US1 [php.net]
    US2 [php.net]
    US3 [php.net]
    US4 [php.net]
    UK1 [php.net]
    UK2 [php.net]
  • This does not affect IIS5.0 + PHP?
    • This does not affect IIS5.0 + PHP?

      From the advisory:

      Finally I want to mention that the boundary check vulnerabilities are only exploitable on linux or solaris. The heap off by one is only exploitable on linux(maybe solaris)x86 and the arbitrary heap overflow in PHP3 is exploitable on most OS and architectures. (This includes *BSD, Windows, Linux, Solaris)
      It would seem to be a question of operating system rather than web server.
  • and this isn't on the main /. page because.................
