![]() |
PHP Exploit
Didn't see another thread on this. Strange.
Anyways, guessing most hosting companies have allready upgraded (rght? comon now! ;) ) but those with dedicated servers that are unmanaged by your host will need to upgrade ASAP. Essentially this is a remote code execution exploit, i.e. the bad one. This is has much more immediate potential than the Apache vulnerability about a month ago. UPGRADE IMMEDIATELY. Effected versions are 4.2.x up until 4.2.2 (the bugfix release). Older versions may or may not be effected, there seems to be some disagreement about this. I would upgrade to be safe. An interim fix would be to disable both .htaccess (to keep from overrriding apache config) and disabling HTTP POST requests if you have nothing that uses POST's. As I speak, php.net is down. You can grab PHP 4.2.2 from our network or check out php.he.net (a mirror) for more info. Good luck, figured you'd all want a heads up before all the kiddies get their hands on a publicly released exploit. And, in closing... PHP is the fucking devil. I have no idea why the hell anyone would use this shit, but hey, we support it and such is life. :) -Phil |
|
Ah, yep. Was quite a challenge early this morning trying to remember the mirror names when I was looking to get PHP.
Anyways, go to php.net directly for more info straight from the horses mouth. peace, -Phil |
Btw I dont know why you have php in the past I have known php to be much more secure than some other server side based languages.
|
There are many bug fixes for this bug, including patches for 4.0.6
|
Just got done upgrading my server at rackshack. Ran into some trouble but I got it going. If anyone is having trouble upgrading, hit me up. I have some free time this afternoon and would be glad to help you out.
|
| All times are GMT -7. The time now is 07:24 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123