The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php 4.4 vul

Discussion in 'General Discussion' started by denisdekat09, Sep 14, 2006.

  1. denisdekat09

    denisdekat09 Well-Known Member

    Joined:
    Mar 2, 2002
    Messages:
    265
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Francisco
    I read about this, but when I do easyapache I only see the version said to be vulnerable:

    http://www.securiteam.com/unixfocus/5DP0B00JPA.html

     
  2. denisdekat09

    denisdekat09 Well-Known Member

    Joined:
    Mar 2, 2002
    Messages:
    265
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Francisco
    seems to also be an exploit with php and php_myadmin:



    Titled: PHP 5.1.6 / 4.4.4 Critical php_admin* Bypass by ini_restore()

    We got 4.4.4 php on our easyapache build...
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    What version would you like to get then? Ofcourse, you could take the time to check www.php.net to see that those are actually the latest php versions out...
    http://www.php.net/downloads.php

    It seems the PHP developers are not concerned about safe_mode & open_basedir exploits these days.

    Also, why not just just disable ini_restore in php.ini?
     
Loading...

Share This Page