Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: alec on May 08, 2002, 05:42:01 PM

Title: PHP remote vulnerabilities
Post by: alec on May 08, 2002, 05:42:01 PM

are thre any known PHP remote vulnerabilities in the e-smith/sme os???
 i read an interesting artikle in http://security.e-matters.de/advisories/012002.html

i don´t know if the bugs belong to any of the e-smith server....if they do, what bugfixes do i need?
-i found patches under http://www.php.net/downloads.php

thanx, alec

Title: Re: PHP remote vulnerabilities
Post by: Dan Brown on May 08, 2002, 06:01:29 PM

If you'd looked at the front page of e-smith.org, your questions would be answered.

Title: Re: PHP remote vulnerabilities
Post by: Andy MacDonald on May 08, 2002, 06:02:50 PM

If you read the e-smith.org front page, like all of it going down, you'll be aware of any vulnerabilities that are known in a default installation. If you've installed the 5.1.2 blade update one, or the php fix, you're ok for the php file upload vulnerability.
Unknown vulnerabilities are NOT listed, for obvious reasons....
Once you start sticking things onto your server, things change and you'll have to monitor other places for security warnings, if they eventuate.
The only people I've seen get owned in these forums have put programs like PHPNuke on their server, which have known exploits....

Title: Re: PHP remote vulnerabilities
Post by: alec on May 08, 2002, 09:50:18 PM

thanx to all!

...i ´ve to change my default browserpage from the e-smith discussion board into the front page of e-smith.org :-)

alec