Kuwait Linux User Group

Major bug in PHP opens database security hole.
Date: Wednesday, December 22, 2004 @ 17:40:15 EST
Topic: story


theinquirer.net :
SERIOUS BUG in the popular PHP development language can leave databases wide open to intrusion if the proper security steps aren't taken. A posting over the weekend to the development homepage of forum software phpBB highlighted the issue, which had already been picked up by security consultants Secunia on Thursday.

The exploit, which affects php versions prior to 4.3.10 or 5.0.3, uses errors in the way that serialisation and realpath commands are handled to gain escalated privileges, bypass some security restrictions and compromise a vulnerable system. Many web administrators are suffering problems from hackers that have been quick to do what damage they can - we know that Inq favourite the Ace of Spodes has been having troubles.
complete story





This article comes from Kuwait Linux User Group
http://www.q8linux.net

The URL for this story is:
http://www.q8linux.net/modules.php?name=News&file=article&sid=142