The Community Forums

php 4.4 vul

Discussion in 'General Discussion' started by denisdekat09, Sep 14, 2006.

  1. denisdekat09

    denisdekat09 Well-Known Member

    I read about this, but when I do easyapache I only see the version said to be vulnerable:

    http://www.securiteam.com/unixfocus/5DP0B00JPA.html

     
  2. denisdekat09

    denisdekat09 Well-Known Member

    seems to also be an exploit with php and php_myadmin:



    Titled: PHP 5.1.6 / 4.4.4 Critical php_admin* Bypass by ini_restore()

    We got 4.4.4 php on our easyapache build...
     
  3. jamesbond

    jamesbond Well-Known Member

    What version would you like to get then? Of course, you could take the time to check www.php.net to see that those are actually the latest php versions out...
    http://www.php.net/downloads.php

    It seems the PHP developers are not concerned about safe_mode & open_basedir exploits these days.

    Also, why not just disable ini_restore in php.ini?
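
The mitigation suggested in the last reply, as an added example that is not part of the original thread: a Python check that reads php.ini text, reports whether `ini_restore` is listed in `disable_functions`, and returns a corrected file if it is not. It assumes the last uncommented `disable_functions` assignment is the one in effect and does not model per-section scoping; the sample php.ini is constructed.

```python
import re

TARGET = "ini_restore"  # function named in the advisory title quoted above
ASSIGN = re.compile(r"(?i)^\s*disable_functions\s*=\s*(.*)$")

def _active(line):
    """Strip a trailing ';' comment and return the live part of the line."""
    return line.split(";", 1)[0].rstrip()

def disabled_functions(ini_text):
    """Effective disable_functions set; the last live assignment is used."""
    value = ""
    for line in ini_text.splitlines():
        m = ASSIGN.match(_active(line))
        if m:
            value = m.group(1).strip().strip("\"'")
    # PHP function names are case-insensitive, so normalise to lower case.
    return {f.strip().lower() for f in value.split(",") if f.strip()}

def is_mitigated(ini_text):
    return TARGET in disabled_functions(ini_text)

def harden(ini_text):
    """Return php.ini text whose disable_functions includes ini_restore."""
    if is_mitigated(ini_text):
        return ini_text
    merged = ",".join(sorted(disabled_functions(ini_text) | {TARGET}))
    new_line = "disable_functions = " + merged
    lines = ini_text.splitlines()
    live = [i for i, l in enumerate(lines) if ASSIGN.match(_active(l))]
    if live:
        lines[live[-1]] = new_line      # rewrite the assignment in effect
    else:
        lines.insert(0, new_line)       # none set: add ahead of any [section]
    return "\n".join(lines) + "\n"

# Constructed sample, not taken from any real server.
SAMPLE = """\
[PHP]
safe_mode = On
;disable_functions = ini_restore
disable_functions = "exec, System"
open_basedir = /home
"""

if __name__ == "__main__":
    print("mitigated before:", is_mitigated(SAMPLE))
    print(harden(SAMPLE))
```

The commented-out line in the sample does not count as a mitigation, which is the case a plain `grep ini_restore php.ini` would get wrong.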
     
