Date: Sat, 02 Mar 2002 21:34:18 -0600
From: Bob Martin <bob@uudet.org>
Cc: isp@freebsd.org
Subject: Re: HEADS UP: Security Alert For Apache / PHP Webservers
Message-ID: <3C8199BA.9010609@uudet.org>
References: <DC21C58FDD6FD511952A0002A55CAD634E7874@nlspm003.nl.eds.com> <07cb01c1bfa6$d1c99550$3531000a@shaw.ca>

I always go to the source. There is a PHP vulnerability for PHP. The
solution/patches are on the PHP site, as well as at CERT. The fastest
way to work around is to disable file uploads in PHP.INI, or go to the
latest stable version.

Bob Martin

Laurence Brockman wrote:

> Just another heads up as well.
>
> Lately on a lot of security lists there is a lot of dis-information being
> posted. On Security Focus lists there have even been "exploits" posted that
> in reality are trojans that will open up a root shell on unsuspecting users.
>
> So far I have seen these so called advisories (Or really rumours of
> vulnerabilities) for Apache, SSH2 (Later versions), BIND and SNMPD (UCD-SNMP
> ver 4.2.2 I think, or ver 4.2.1). Now the SNMPD advisory is real, but the
> exploits that have been released aren't.
>
> So again, be careful with what you believe and run from these lists (As you
> should always be)...
>
> See the following from Blue Boar of the Vuln-Dev list
> http://online.securityfocus.com/archive/82/258445
>
> Thanks,
> Laurence
>
> ----- Original Message -----
> From: "Van Beerschoten, Stephan" <stephan.vanbeerschoten@eds.com>
> To: <security@freebsd.org>; <isp@freebsd.org>; <ports@freebsd.org>
> Sent: Wednesday, February 27, 2002 7:14 AM
> Subject: FW: HEADS UP: Security Alert For Apache / PHP Webservers
>
>
>>I usually don't mail from my corporate account, but this needs some fast
>>fixing on almost all FreeBSD/apache/php servers.
>>
>>-Stephan
>>
>
> <SNIP>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message