If you read the e-smith.org front page, like all of it going down, you'll be aware of any vulnerabilities that are known in a default installation. If you've installed the 5.1.2 blade update one, or the PHP fix, you're OK for the PHP file upload vulnerability.
Unknown vulnerabilities are NOT listed, for obvious reasons....
Once you start sticking things onto your server, things change and you'll have to monitor other places for security warnings, if they eventuate.
The only people I've seen get owned in these forums have put programs like PHPNuke on their server, which have known exploits....