[suspicious - maybe spam] Re: Udp.pl scare


 



Mike wrote:
on 2/4/05 8:07 AM, Jochem Maas at jochem@xxxxxxxxxxxxx wrote:


I have been hit twice now with the udp.pl exploit found in phpbb

I thought that upgrading to php 4.3.10 would stop this? Was I wrong?

yes you are wrong - I have no idea why you would think that other than blind assumption. - phpBB is forum software written in PHP.....

phpBB IS NOT *&^#%@*&^% PHP!!!!



Why don't you chill out.

well actually this is me chilled out ;-) my reaction was based on the fact that the exploit you talked about made headline news (e.g. coverage on bbc.co.uk) AND is discussed on the project's own website in some depth... i.e. you could have found the answer yourself.




I ask because 4.3.10 was released to (in part) fix an exploit in phpBB and PHP < PHP 4.3.10

http://securityfocus.com/archive/1/384773/2004-12-15/2004-12-21/0

It would have been cool if you had added this URL to your OP (assuming you knew about it at that time). AFAICT that bug actually has nothing to do with the exploit you were asking about.

It all boils down to sanitizing input/thruput/output vars. There is a
recent long thread (started 2nd Feb) on internals@xxxxxxxxxxxxx
called 'PHP 5.1' which you might find helpful.


Just wanted to make sure my situation was not related to this one.


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

