vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Hole in PHP could give attacker server control (https://vborg.vbsupport.ru/showthread.php?t=41447)

JJR512 07-24-2002 01:44 AM
Hole in PHP could give attacker server control
 
This is not a request for help. This is some news for your information.
Quote:
Hole in PHP could give attacker server control
ITworld.com 7/22/02

Sam Costello, IDG News Service, Boston Bureau
A security hole in the PHP (PHP: Hypertext Preprocessor) scripting language used on many Web servers could allow an attacker to execute code on affected systems or even take control of them, according to a security alert released Monday by The PHP Group.

The vulnerability affects PHP 4.2.0 and 4.2.1 and comes as a result of a flaw in the HTTP POST parser component of PHP. The HTTP POST parser is used to differentiate between files and variables sent by users to a Web server through Web forms, according to the alert. Insufficient checking in the parser could allow an attacker to crash the server, execute code or even take control of the system, The PHP Group said.

The hole can be exploited, locally or remotely, by anyone who can send HTTP POST requests to a server, the advisory said.

Different platforms may respond to attacks differently, however. PHP running on the IA-32 platform, more commonly-known as the x86 platform that includes such chips as the Pentium, does not experience the code execution issue, though attack on the vulnerability can still crash PHP or the Web server, according to the advisory.

A new version of PHP, 4.2.2, has been released to fix the problem. The new version of the software can be downloaded at http://www.php.net/downloads.php. The full security advisory is also available at http://www.php.net/release_4_2_2.php.

Sam Costello is a correspondent for the IDG News Service.
From ITworld.com

DrkFusion 07-24-2002 02:05 AM
Im sure this will be fixed very quickly.

JJR512 07-24-2002 02:17 AM
It's already been fixed, according to the article: "A new version of PHP, 4.2.2, has been released to fix the problem." So, any of you that run your own servers, should look into upgrading, and those of you whose sites are hosted should make sure your webhosting company is aware of this.

DrkFusion 07-24-2002 02:32 AM
Cool, I will be upgrading php in 5 minutes, thanks for that update, I didn't know about it.

Drk

Admin 07-24-2002 06:59 AM
The Jelsoft server has been upgraded, in case anyone thinks about trying... :)

Sparkz 07-24-2002 08:28 AM
Downloading the new version just after it was released was a major pain in the butt!

Imagine fighting for a download slot with all those other maniacs :P

Admin 07-24-2002 08:31 AM
Just use one of the mirrors... That's what I did.

Sparkz 07-24-2002 08:34 AM
All the close mirrors were just as slow...

DrkFusion 07-24-2002 01:53 PM
Download it at download.com lol...the fastest you can get with those maniacks. U would have to use the linux downloads if u have a linux server, and windows if windows server and so on....but it works, though I didn't download mine there.

Drk

Admin 07-24-2002 05:02 PM
Quote:
Originally posted by DrkFusion
U would have to use the linux downloads if u have a linux server, and windows if windows server
Let's take a moment to digest this complicated logic of yours... ;)


All times are GMT. The time now is 10:17 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01061 seconds
  • Memory Usage 1,729KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete