Re: (php?) bug exploit report

To: debian-security@lists.debian.org
Subject: Re: (php?) bug exploit report
From: Christian Horchert <chorchert@veedev.de>
Date: Sun, 25 Jan 2004 19:20:04 +0100
Message-id: <[🔎] 18B8D29C-4F63-11D8-9495-000393754328@veedev.de>
In-reply-to: <[🔎] Pine.LNX.4.53.0401200914480.3847@fof.durge.org>
References: <[🔎] 1074519612.400bde3c5cfb5@mail.dominet.hu> <[🔎] 20040120090004.GB3007@net-track.ch> <[🔎] Pine.LNX.4.53.0401200914480.3847@fof.durge.org>

On 20.01.2004, at 10:31, Chris Morris wrote:

Safe mode would certainly have reduced the impact from that script, and
I'd definitely recommend turning it on unless you're very confident of
the quality of all your scripts.


There's also:
- register_globals off (its on by default PHP < 4.2, like in woody)
- allow-url-fopen off (says it all I guess)

  Christian

Reply to:

References:
- (php?) bug exploit report
  - From: Csan <csani@lme.linux.hu>
- Re: (php?) bug exploit report
  - From: Oliver Hitz <oliver@net-track.ch>
- Re: (php?) bug exploit report
  - From: Chris Morris <cim@durge.org>

Prev by Date: Re: Mail processing tool
Next by Date: Re: Mail processing tool
Previous by thread: Re: (php?) bug exploit report
Next by thread: Re: (php?) bug exploit report
Index(es):
- Date
- Thread