[Typo3-dev] Security Alert! Multiple Vulnerabilities Within PHP 4/5
Michiel van Leening
leening at saurus.nl
Tue Dec 28 08:32:35 CET 2004
Juergen Egeling wrote:
> * Michiel van Leening <leening at saurus.nl> [041226 22:43]:
>
>>Thanks for re-posting this info on the list, but php 4.3.10 and 5.0.3
>>were released about 12 days ago!
>>
>
> So the bad guys had at least 12 days for defacing your system.
> http://isc.sans.org//index.php
No :-) Since a good sysadmin updated his system around the 17th, just 2
days after the release (since a release is considered stable).
> short cite:
> A php Internet worm released on 12/25/2004 that doesn't
> use php bulletin boards - it attacks "ALL php scripts/pages
> which are vulnerable to a "File Inclusion" Flaw".
>
> So this usually happens around Xmas, when people are at home the
> bad guys have some more time to open some boxes, ...
>
> IMHO there has to be a page on typo3.org, that covers such themes
> (or at least a news section).
True. I second that!
--
Kind regards,
Michiel van Leening
---------------------------------------------------------------
Saurus Internet - http://www.saurus.nl/ - info at saurus.nl
Vestesingel 8, 9408 CA - Assen, The Netherlands
tel: +31 (0)592.461.467 - fax: +31 (0)84.86.88.007
Michiel van Leening - Internet Application Developer
leening at saurus.nl - gsm: +31 (0)65.57.12.693 - ICQ#51566230
Registered with the Linux Counter. ID #39463
---------------------------------------------------------------
Cache:
A very expensive part of the memory system of a computer that no one
is supposed to know is there.