[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Sicherheits problem: PHP Version 4.1.2



Ich habe ein Sicherheits check gemacht,
und die aktuelle PHP version von Debian (als modul in apache) ist 4.1.2

Leider hat die ein Sicherheitsproblem laut meines programs!:

CGI Scripts: TCP:80 - PHP multipart/form-data Post Buffer Overflow
Risk Level: High
Description: PHP contains code for intelligently parsing the headers of HTTP
POST requests. The code is used to differentiate between variables and files
sent by the user agent in a "multipart/form-data" request. This parser has
insufficient input checking, leading to the vulnerability. The vulnerability
is exploitable by anyone who can send HTTP POST requests to an affected web
server. Both local and remote users, even from behind firewalls, may be able
to gain privileged access.
How To Fix:
The PHP Group has released a new PHP version, 4.2.2, which incorporates a
fix for the vulnerability. All users of affected PHP versions are encouraged
to upgrade to this latest version.
URL1: PHP Vulnerability  (http://www.php.net/release_4_2_2.php)



Kann das jemand bestätigen?

saf



Reply to: