
Thread: Major Security Hole in PHP File Upload

  1. #1

    Thread Starter
    Black Cat JoshT's Avatar
    Join Date
    Nov 2000
    Location
    WNY, USA
    Posts
    4,032

    Major Security Hole in PHP File Upload

    http://www.cert.org/advisories/CA-2002-05.html

    Everyone update your servers.
    Josh
    Get these: Mozilla Opera OpenBSD
    I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.

  2. #2
    scoutt
    Guest
    thanks Josh..........

  3. #3
    Addicted Member TheGoldenShogun's Avatar
    Join Date
    Mar 2001
    Location
    VA/MD... anywhere around the beltway
    Posts
    236
    Thanks for the heads up. I'm inexperienced with the setting up of new versions of PHP and patches and stuff. I went to their website and they didn't have any downloads for Red Hat Linux servers. Does anybody know where to get that patch?

  4. #4
    scoutt
    Guest
    As far as I know, Linux is Linux is Linux. Doesn't matter if it is Red Hat or Mandrake, it should still be one PHP file.

  5. #5

    Thread Starter
    Black Cat JoshT's Avatar
    Join Date
    Nov 2000
    Location
    WNY, USA
    Posts
    4,032
    Red Hat should post an RPM on their site, or use the "up2date" tool that comes with their distro. Else, get the PHP source code and compile it yourself.
    Josh

  6. #6
    Addicted Member TheGoldenShogun's Avatar
    Join Date
    Mar 2001
    Location
    VA/MD... anywhere around the beltway
    Posts
    236
    hmm... I'm doing the second option as we speak.. Trying to recompile it. I untarred it and did the make install thing. Anybody know what else needs to be done?

  7. #7
    Erm, is it just me or is there no Win32 download for 4.1.2?

  8. #8
    scoutt
    Guest
    Not you. They usually come out with Win32 about a month or 2 later. As far as I know they still don't have 4.11 as Win32.

  9. #9
    Bummer, so I just have a big ol' hole until then?

  10. #10
    Fanatic Member ubunreal69's Avatar
    Join Date
    Apr 2001
    Location
    Morayfield, Australia
    Posts
    609
    Do u have to change any setting thingies in PHP to enable file uploads? Cos I can't seem to get it to work.

  11. #11
    scoutt
    Guest
    well if your code is correct

    then you shouldn't have to do anything. unless your isp has disabled it.

  12. #12
    Fanatic Member ubunreal69's Avatar
    Join Date
    Apr 2001
    Location
    Morayfield, Australia
    Posts
    609
    Originally posted by scoutt
    well if your code is correct

    then you shouldn't have to do anything. unless your isp has disabled it.
    lol, i host everything myself (ASP, PHP, MySQL) on my one and only ****box computer. (P166, 32MB, 4GB)

    anyway, when i have time to give the code another try i'll consult the forum. thanx scoutt

  13. #13
    Banished Cander's Avatar
    Join Date
    Dec 2000
    Location
    Why do you care?
    Posts
    6,913
    Not to worry, fillby, if you have PHP 4, as the vulnerabilities only affect Linux/Solaris. There is an effect for Windows in PHP 3, though.
    Stack Overflow
    See the features of Visual Studio 2010 and C# 4.0: The 10-4 show on Channel9
