Critical vulnerability identified in PHP

  • MrGusMuller
    Confirmed User
    • Oct 2010
    • 1262

    #1

    A critical vulnerability in the most recent release of PHP has just been found (CVE-2012-0830). This exploit could allow arbitrary code to be remotely executed on a PHP system. This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.
    in Zend Server Update Email

    https://bugzilla.redhat.com/show_bug.cgi?id=786686
    http://thexploit.com/sec/critical-ph...collision-dos/

    You all should update to PHP 5.3.10.

  • raymor
    Confirmed User
    • Oct 2002
    • 3745

    #2
    Thanks. Of course PHP itself is an arbitrary code execution vulnerability. include(http://hack.com/?yourlib.php) anyone?

    • Klen
      • Aug 2006
      • 32235

      #3
      I can't update to 5.3, it's too different to ver 5.2. Any fix for version 5.2?


      • fris
        Too lazy to set a custom title
        • Aug 2002
        • 55679

        #4
        Originally posted by KlenTelaris
        I can't update to 5.3, it's too different to ver 5.2. Any fix for version 5.2?
        I'm pretty sure it only affects 5.3.x

        • Fletch XXX
          GFY HALL OF FAME DAMMIT!!!
          • Jan 2002
          • 60840

          #5
          thanks for posting.


          • DamageX
            Marketing & Strategy
            • Jun 2001
            • 14293

            #6
            Originally posted by fris
            I'm pretty sure it only affects 5.3.x
            This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.
            Looks like it does affect at least one version of 5.2.x

            • fris
              Too lazy to set a custom title
              • Aug 2002
              • 55679

              #7
              oh snap time to upgrade then

              • fris
                Too lazy to set a custom title
                • Aug 2002
                • 55679

                #8
                just finished my upgrade

                PHP 5.3.10 with Suhosin-Patch (cli) (built: Feb 4 2012 06:50:45)
                Copyright (c) 1997-2012 The PHP Group
                Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
                with the ionCube PHP Loader v4.0.12, Copyright (c) 2002-2011, by ionCube Ltd

                • LiveDose
                  Show Yer Tits!
                  • Feb 2002
                  • 25792

                  #9
                  Bump. Thanks.


                  • MrGusMuller
                    Confirmed User
                    • Oct 2010
                    • 1262

                    #10
                    For those with cPanel...
                    EasyApache 3.8.6 is now available; in this build PHP 5.3.10 replaces 5.3.9.
                    The change log is available here: http://docs.cpanel.net/twiki/bin/vie...syApache#3.8.6

                    • seeandsee
                      Check SIG!
                      • Mar 2006
                      • 50945

                      #11
                      Fucking vulnerability holes, is there some super protected coding to work with...

                      • Klen
                        • Aug 2006
                        • 32235

                        #12
                        But still, the question is: will it fuck up some scripts if I do update....


                        • Operator
                          So Fucking Banned
                          • May 2009
                          • 2419

                          #13
                          Php 5.1.6


                          • 6South
                            Registered User
                            • Jan 2011
                            • 84

                            #14
                            PHP is a risk no matter what version you upgrade to and installing the latest, greatest build of PHP is almost guaranteed to break at least one of your apps.

                            As usual, this type of vulnerability can be protected against without constant upgrading by simply managing your PHP configuration and responsible administration / monitoring of your servers.

                            Suhosin, responsible PHP settings, active protection (mod_security) and a decent malware / exploit scanner will serve you much better than trying to keep up with the patches. For every published exploit there's at least a dozen others out there at any given time.