Welcome to South West (UK) Linux User Group
 
  Signup / Login Home  ·  Web Links  ·  Reviews  ·  Your Account  ·  Submit News  ·  Top List  ·   
 Main Menu
· Home
· Reviews
· Meeting Info
· Mailing List Archive
· FAQ
· Topics
· Web Links
· Get Linux!
· Special Offers/Discounts
· Our Sponsors

· Linux@Home
· Linux@Business
· Linux@School

  

 Please support:
No ePatents!

 A proud member of:
UK Linux User Groups

See all

 Vulnerability in PHP versions 4.2.0 and 4.2.1
PHP Scripting Language admin writes "The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.

PHP contains code for intelligently parsing the headers of HTTP POST requests. The code is used to differentiate between variables and files sent by the user agent in a "multipart/form-data" request. This parser has insufficient input checking, leading to the vulnerability.

The vulnerability is exploitable by anyone who can send HTTP POST requests to an affected web server. Both local and remote users, even from behind firewalls, may be able to gain privileged access."


Note: If you wish to download the latest PHP, please use the UK mirror at http://uk2.php.net.
Posted by admin on Monday, July 22, 2002 - 09:00 PM (164 Reads)
Read more... (1694 bytes more) comments? Send this story to a friend Printer friendly page

Home  ·  Web Links  ·  Reviews  ·  Your Account  ·  Submit News  ·  Top List  · 

Web site powered by PostNuke Redhat LinuxApache Web Server

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters.
Site and most content created and maintained by David Johnson.
Theme by Dezina.com.