
Insecure apache

Discussion in 'EasyApache' started by Guda, Oct 11, 2004.

  1. Guda

    I log in to WHM and get insecure Apache setup.... anything recent, our servers are up to date? Anyone have any info about this?
     
  2. gorilla

    Just upgraded to PHP 4.39 and it'll disappear :D
     
  3. Guda

    Well doi, I know upgrading will fix the warning; what I want to know is if anyone has any information as to what the security vulnerability is and where it is? I'm assuming PHP...
     
  4. Guda

    Hmm, appears it's "50 noncritical bug fixes"

    The PHP Development Team is proud to announce the immediate release of PHP 4.3.9. This is a maintenance release that in addition to over 50 non-critical bug fixes, addresses a problem with GPC input processing. This release also re-introduces ability to write GIF images via the bundled GD extension. All Users of PHP are encouraged to upgrade to this release as soon as possible.

    How can bug fixes allow my apache setup to be compromised?
     
  5. Lem0nHead

    I run EasyApache but kept PHP 4.3.8.
    Am I not safe?
     
  6. SarcNBit

    You need to look at the changelog for 4.3.8 ;)
     
  7. AbeFroman

    You are not safe, upgrade ASAP
     
  8. feanor


    Abe-

    Please do submit your proof of this comment, I would love to hear it as to my knowledge and the majority of the internet's... PHP 4.3.9 hasn't a single security-related tweak, it is entirely cosmetic for the most part. A slew of slight to moderate bug fixes.

    :cool: Please.... elaborate, provide specifics, who told you, all of the gory details would certainly be appreciated.


    Thanks much.
     
  9. feanor

    The following URLs may indeed contribute to this discussion:

    http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00027.html
    http://www.securityfocus.com/archive/1/375370/2004-09-15/2004-09-21/0


    (especially the second URL)...

    So that would validate what's been stated here.
    HOWEVER, the build defect is allegedly for versions previous to PHP versions less than 5.0...

    Essentially we need someone from Darkorb to weigh in on this one, with specifics on why the vulnerability has been activated within WHManager and why 4.3.9 would even make a difference on related systems.
     
    #9 feanor, Oct 15, 2004
    Last edited: Oct 15, 2004
  10. feanor

    And..........

    Basically as I actually decided to thoroughly read everything it would appear that the hole allowing for the writing of files to particularly sensitive areas via PHP 4.3.8 (and lower) hath been repaired in the list of bugfixes in 4.3.9, though nobody had realized it until very recently.

    So congratulations to Abe & the crew that insisted things were busted.
    :)


    Next time provide the details that led you to that conclusion, is all I'm asking.

    Thanks much!

    Have a great weekend.
     
  11. chirpy

    That bug (in 4.3.8) was posted to BUGTRAQ some time ago. If you're not subscribed, I'd definitely recommend that you do.
     