Is this re the same phpBBexploit as last week? - GoFuckYourself.com

Damian_Maxcash · 12-20-2004, 06:48 PM

Is this the same problem that was being discussed last week, or another?

I was under the impression it was just with phpBB, but now it seems it is much bigger than that

"------------------------------

Advisory: Multiple vulnerabilities within PHP 4/5
Release Date: 2004/12/20

------------------------------

Dear Valued Client,

A recent vulnerability has been discovered in PHP which allows for a remote attack to execute remote commands on servers.

Examples of vulnerable scripts:

- phpBB2
- Invision Board
- vBulletin
- Woltlab Burning Board 2.x
- Serendipity Weblog
- phpAds(New)

Overview:

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

During the development of Hardened-PHP which adds security hardening features to the PHP code base, several vulnerabilities within PHP
were discovered that reach from buffer overflows, over information leak vulnerabilities and path truncation vulnerabilities to
safe_mode restriction bypass vulnerabilities.

Recommendation:

It is strongly recommended upgrading to the new PHP-Releases as soon as possible, as a lot of PHP applications expose the easy to exploit unserialize() vulnerability to remote attackers.

Immediate Action:

As a result of this recent vulnerability, Webair will be systematically upgrading PHP & Zend on all managed dedicated servers and virtual servers. The upgrades will commence immediately due of the urgent nature of this issue.

Colocated / Unmanaged Clients:

If you are a colocated client we would advise you to upgrade to the latest version of Php (4.3.10 available at http://www.php.net), as well as the latest version of Zend. (Available at http://www.zend.com).

If you require assistance performing these upgrades please contact Webair Customer Service to schedule a time accordingly.

Customer Impact:

Customers will experience an outage of up to 3-5 minutes while Apache restarts to load the new version of PHP.

If you have any questions or concerns about this Security advisement, please feel free to call us at 1.866.WEBAIR1 for prompt assistance.

Thank you,

Webair Internet Development Inc.
Phone: 516.938.4100
Toll Free: 1.866.WEBAIR1
Fax: 516.938.5100
http://www.webair.com
'

Good to see webair on the ball BTW

12-20-2004, 06:48 PM	#1
Damian_Maxcash So Fucking Banned Join Date: Oct 2002 Location: MaxCash.com Posts: 12,745	Is this re the same phpBB exploit as last week? Is this the same problem that was being discussed last week, or another? I was under the impression it was just with phpBB, but now it seems it is much bigger than that "------------------------------ Advisory: Multiple vulnerabilities within PHP 4/5 Release Date: 2004/12/20 ------------------------------ Dear Valued Client, A recent vulnerability has been discovered in PHP which allows for a remote attack to execute remote commands on servers. Examples of vulnerable scripts: - phpBB2 - Invision Board - vBulletin - Woltlab Burning Board 2.x - Serendipity Weblog - phpAds(New) Overview: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. During the development of Hardened-PHP which adds security hardening features to the PHP code base, several vulnerabilities within PHP were discovered that reach from buffer overflows, over information leak vulnerabilities and path truncation vulnerabilities to safe_mode restriction bypass vulnerabilities. Recommendation: It is strongly recommended upgrading to the new PHP-Releases as soon as possible, as a lot of PHP applications expose the easy to exploit unserialize() vulnerability to remote attackers. Immediate Action: As a result of this recent vulnerability, Webair will be systematically upgrading PHP & Zend on all managed dedicated servers and virtual servers. The upgrades will commence immediately due of the urgent nature of this issue. Colocated / Unmanaged Clients: If you are a colocated client we would advise you to upgrade to the latest version of Php (4.3.10 available at http://www.php.net), as well as the latest version of Zend. (Available at http://www.zend.com). If you require assistance performing these upgrades please contact Webair Customer Service to schedule a time accordingly. Customer Impact: Customers will experience an outage of up to 3-5 minutes while Apache restarts to load the new version of PHP. If you have any questions or concerns about this Security advisement, please feel free to call us at 1.866.WEBAIR1 for prompt assistance. Thank you, Webair Internet Development Inc. Phone: 516.938.4100 Toll Free: 1.866.WEBAIR1 Fax: 516.938.5100 http://www.webair.com ' Good to see webair on the ball BTW Last edited by Damian_Maxcash; 12-20-2004 at 06:52 PM..