The Community Forums


FYI if you are running PHP < 5.3.1

Discussion in 'Security' started by thobarn, Nov 22, 2009.

  1. thobarn

    thobarn Well-Known Member

    If you allow file uploads, this Bugtraq posting may be of interest to you. I confirmed the DoS condition on one of my servers. Although the author does not provide a PoC, not much imagination is required to build an LFI from the description, though I did not test this.
     
    #1 thobarn, Nov 22, 2009
    Last edited: Nov 22, 2009
  2. Spiral

    Spiral BANNED

  3. m0rgulvale

    m0rgulvale Member

    Does cPanel have a patch for the 5.2.11 vuln?
     
  4. radeonpower

    radeonpower Well-Known Member

    From what I've heard, the PHP team will release 5.2.12 on Thursday, which fixes this problem.
     
  5. m0rgulvale

    m0rgulvale Member

    Thanks for the reply.

    Question:

    Does this mitigate the flaw:

    SecurityFocus

    3. Install Suhosin PHP extension
    The Suhosin PHP extension has an option named "suhosin.upload.max_uploads".
    This option defines the maximum number of files that may be uploaded
    with one request and by default is set to 25.
    Suhosin PHP extension should not be confused with the Suhosin Patch
    which does not protect against this attack.


    Edit php.ini to contain suhosin.upload.max_uploads = 25?
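
An added example, not part of the thread or of any cPanel or Suhosin code: a small audit of php.ini text that reports which per-request upload cap Suhosin would enforce, using the default of 25 from the advisory text quoted above. Assumptions: the extension is loaded through an `extension=` line naming `suhosin.so`, all relevant ini files are passed in as one string, and `site_max` is a hypothetical local threshold.

```python
SUHOSIN_DEFAULT_MAX_UPLOADS = 25   # default stated in the advisory text quoted above
SUHOSIN_MODULE = "suhosin.so"      # assumed module file name of the extension

def parse_php_ini(text):
    """Return (directives, extensions); a later duplicate directive wins."""
    directives, extensions = {}, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment (quoted ';' not handled)
        if line.startswith("[") or "=" not in line:
            continue                          # section header, blank or malformed line
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        if key.lower() == "extension":
            extensions.append(value)
        else:
            directives[key.lower()] = value
    return directives, extensions

def audit_upload_limit(ini_text, site_max=25):
    """Report the per-request upload cap Suhosin would enforce for this config."""
    directives, extensions = parse_php_ini(ini_text)
    loaded = any(e.replace("\\", "/").rsplit("/", 1)[-1] == SUHOSIN_MODULE
                 for e in extensions)
    raw = directives.get("suhosin.upload.max_uploads")
    findings, limit = [], None
    if not loaded:
        findings.append("Suhosin extension not loaded; suhosin.* directives are ignored")
    elif raw is None:
        limit = SUHOSIN_DEFAULT_MAX_UPLOADS
    elif raw.isdigit():
        limit = int(raw)
        if limit > site_max:
            findings.append(f"max_uploads={limit} exceeds site threshold {site_max}")
    else:
        findings.append(f"max_uploads value {raw!r} is not an integer")
    return {"extension_loaded": loaded, "effective_limit": limit, "findings": findings}

# Constructed sample: the directive is present but the extension is never loaded.
SAMPLE_INI = """
[PHP]
file_uploads = On
; extension=suhosin.so
suhosin.upload.max_uploads = 25
"""

if __name__ == "__main__":
    print(audit_upload_limit(SAMPLE_INI))
```

On the constructed sample the audit reports no effective limit, because a `suhosin.*` line in php.ini does nothing unless the extension itself is loaded.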
     