Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
php security issue
  • From: Francisco Costa <fgcosta@xxxxxxxxxxx>
  • Date: Fri, 12 Jul 2002 11:53:40 +0300 (GMT-3)
  • Message-id: <Pine.LNX.4.33.0207121147260.16270-100000@xxxxxxxxxxxxxxxxxx>
i have just received what seems to be a script kiddie attempt to
exploit a php vulnereability.
___
+ Checking for vulnerable PHP version...
+ passed: server says PHP/4.0.6

+ exploiting the bug now...

[++++++++++] trying: bfffdf08

+ done ...

+ you should be connected to a dup-shell now
+ if not simply try again
command>
___

I am running php version 4.0.6 indeed, but completely up to date
on every security update. Is it still possible for someone to exploit
this?
What should I do? Get the new version in php.net?

TIA,

__________________________ /"\
Francisco 'Paladino' Costa \ / ASCII Ribbon Campaign
fgcosta@xxxxxxxxxxx X Against HTML Mail
/ \




< Previous Next >
References