Re: IMP 2.2.6 (SECURITY) released

From: Anil Madhavapeddy (anilat_private)
Date: Sun Jul 22 2001 - 06:24:24 PDT

Next message: Florian Weimer: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"

Previous message: Marcus Meissner: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
In reply to: Brent J. Nordquist: "IMP 2.2.6 (SECURITY) released"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 21, 2001 at 05:22:22PM -0500, Brent J. Nordquist wrote:
>
> (1)  A PHPLIB vulnerability allowed an attacker to provide a value for
> the array element $_PHPLIB[libdir], and thus to get scripts from another
> server to load and execute.  This vulnerability is remotely exploitable.
> (Horde 1.2.x ships with its own customized version of PHPLIB, which has
> now been patched to prevent this problem.)

Incidentally, this problem is not remotely exploitable if you have
turned off transparent URL handling in the fopen() function in PHP.

Look in your php.ini file for this line:

allow_url_fopen = On

and turn it 'Off'.

Most applications don't need this URL parsing, and you should turn it on
specifically for those that do, rather than leaving it on as a 
default.

--
Anil Madhavapeddy, <anilat_private>

Next message: Florian Weimer: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Previous message: Marcus Meissner: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
In reply to: Brent J. Nordquist: "IMP 2.2.6 (SECURITY) released"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 08:12:44 PDT