Any idea when the PHP patches are going to be available. The Santy thing this morning only exploits phpBB, so if you're not running that you are okay for the moment, but exploit code for the unserialize() vuln has been around for at least 4 days, so I suspect someone will turn that into a worm pretty quick. -- Jim Clausing GCFA, GCIA, CISSP, CCSA
On Tue, 2004-12-21 at 16:43 -0500, Jim Clausing wrote:
Any idea when the PHP patches are going to be available. The Santy thing this morning only exploits phpBB, so if you're not running that you are okay for the moment, but exploit code for the unserialize() vuln has been around for at least 4 days, so I suspect someone will turn that into a worm pretty quick.
it seems to be the case already: http://beta.search.msn.com/results.aspx?q=NeverEverNoSanity&FORM=QBNO regards, Olivier -- _______________________________________________________ Olivier Müller - PGP key ID: 0x0E84D2EA - Switzerland E-Mail: http://omx.ch/mail/ - AIM/iChat: swix3k
participants (2)
-
Jim Clausing
-
Olivier Mueller