Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
New PHP Bug
Results 1 to 6 of 6

Thread: New PHP Bug

  1. #1
    Semp
    Guest

    New PHP Bug

    I just wanted to make the GetLinuxOnline users aware of this bug in PHP3 and PHP4. There is one known exploit making rounds in the anti.sec community at this point in time. You can find a little information at http://security.e-matters.de/advisories/012002.html

  2. #2
    JimH
    Guest

    Re:New PHP Bug

    Thanks. We will probably be seeing a flood of PHP updates from the major Linux distro's.

    Jim H

  3. #3

    Re:New PHP Bug

    Althought we don't have any multi-part forms here on GLO....I have advised our host and he should be updating today...Thanks for the update!


    Aragorn
    If you give a man a fire he'll be warm, if you light the man on fire he'll be warm for life.

  4. #4
    Semp
    Guest

    Re:New PHP Bug

    I got some more information on these bugs.

    AFAIK the exploit takes advantage of a buggy memchr() call in versions 4.0.6 and below. This vulnerability is exploitable remotely, no "upload" or local access is needed. I heard that the patch put into CVS a few days ago was just for RFC compliance...

    This information has been provided by H D Moore.

  5. #5
    JimH
    Guest

    Re:New PHP Bug

    I updated my apache box with the update form Red Hat and it seems to have broken my access to Mysql. :'( I haven't looked at it yet to see what is going on.

    Warning: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /var/www/html/phplib/php/db_mysql.inc on line 73
    Database error:

    pconnect(localhost, jimh, $Password) failed.


    MySQL Error: 0 ()
    Please contact the webmaster and report the exact error message.
    Session halted.

    Everything worked before the update.

    Jim H

  6. #6
    JimH
    Guest

    Re:New PHP Bug

    Anyone else having the same mysql problem after upgrading PHP this is the workaround. Someone has already submitted the problem to Red Hat as a bug.

    Edit this line in /etc/php.ini

    mysql.default_socket = /var/lib/mysql/mysql.sock

    Jim H


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •