[Typo3-dev] Security Alert! Multiple Vulnerabilities Within PHP 4/5
Juergen Egeling
egeling at punkt.de
Mon Dec 27 19:13:21 CET 2004
* Michiel van Leening <leening at saurus.nl> [041226 22:43]:
> Thanks for re-posting this info on the list, but php 4.3.10 and 5.0.3
> were released about 12 days ago!
>
So the bad guys had at least 12 days for defacing your system.
http://isc.sans.org//index.php
short cite:
A php Internet worm released on 12/25/2004 that doesn't
use php bulletin boards - it attacks "ALL php scripts/pages
which are vulnerable to a "File Inclusion" Flaw".
So this usually happens around Xmas, when people are at home the
bad guys have some more time to open some boxes, ...
IMHO there has to be a page on typo3.org, that covers such themes
(or at least a news section).
Juergen
More information about the TYPO3-dev
mailing list