Yet another PHP worm
-
Chung Leong
-
Andy Hassall
Re: Yet another PHP worm
On 7 Nov 2005 17:03:26 -0800, "Chung Leong" <chernyshevsky@ hotmail.com> wrote:
>See http://www.theregister.co.uk/2005/11/07/linux_worm/
In XML_RPC, again. And the same issue, it's using eval() and getting it wrong.
Looks like they did the right thing this time, and eliminated use of eval().
--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
-
Chung Leong
Re: Yet another PHP worm
I don't believe the worm is using a new vulnerability. There are
probably plenty of servers with out-of-date versions of that component
to exploit. A serious issue with component-programming in PHP: The
chief reason to use existing components instead of writing your own
code is to save time. It's unrealistic to expect programmers to invest
the necessary time to monitor the various components for security
updates.
-
JDS
Re: Yet another PHP worm
On Tue, 08 Nov 2005 01:47:29 +0000, Andy Hassall wrote:
> In XML_RPC, again. And the same issue, it's using eval() and getting it wrong.
Will updating the PHP XML-RPC components also fix the affected
applications? Meaning, for example, do I have to update Nucleus, or can I
just update the XML-RPC components of PHP?
Thanks
--
JDS | jeffrey@example .invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/