Welcome to the MacNN Forums.


PHP vulnerabilities affect other than PHPBB ?
Dec 23, 2004, 09:12 AM
 
I'm surprised that I've not heard reference in these forums to the trashing of web sites by a Google-aided (till they blocked it) invasion:
http://secunia.com/advisories/13481/

I think it was even mentioned on BBC-Tech as having trashed *hundreds* of PHP/MySQL-driven BBs.

Neither of my hosts has updated from PHP 4.3.09 to 4.3.10 (the fix), has the host for THESE forums?

Also, does anyone know if this presents a vulnerability to my PHP-based site, even though it is not running a BB? (I got the impression that the BB was simply the way the "trojan" sought out victims - not necessarily necessary to the vulnerability)
TOMBSTONE: "He's trashed his last preferences"
     
Dec 23, 2004, 09:31 AM
 
I use (mt) Media Temple, and they emailed me this morning to tell me they've upgraded their PHP installation to 4.3.10 because of this vulnerability. MT rocks.
     
Dec 28, 2004, 07:32 PM
 
My server:

scott@www:~$ apt-cache policy php4
php4:
  Installed: 4:4.3.10-2
  Candidate: 4:4.3.10-2

From my hosting provider:

PHP version 4.3.10
     
Dec 29, 2004, 12:43 PM
 
Theoretically it might affect other PHP code, but it would depend on the way that code was written. If you don't use a database and you never open files based on user input, then you are probably OK, but we'd need to see your code to be sure. In any case, even if your own code is safe then it cannot hurt to upgrade, in case you need to use other code in the future which might be vulnerable.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
   
All times are GMT -5. The time now is 09:02 AM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.