PHP Vulnerability Notification

Bill McGonigle bill at bfccomputing.com
Mon Dec 27 15:43:01 EST 2004


On Dec 23, 2004, at 12:11 PM, Jonathan Linowes wrote:

> fyi,  I just got this from my ISP:
>
>> If you currently use PHP (versions prior to 4.3.10), you may be
>> susceptible to a vulnerability through the "unserialize" function.
>> This could allow a remote user access to your web server content.
>> If you are using an older version of PHP, we strongly recommend that
>> you upgrade as soon as possible.
>> To upgrade to PHP 4.3.10, ....

In case anyone here needs a quick upgrade script, here's what I used to 
upgrade my Apache 1.3/PHP 4 setup (I use it for SquirrelMail only; 
assumes current apache and php source trees are below current folder):

-Bill

-----
#!/bin/tcsh

# Configure the Apache tree first so PHP's --with-apache can use it.
cd apache_1.3.33
make distclean
./configure
cd ..

# Build PHP as a static Apache 1.3 module and install it into the Apache tree.
cd php-4.3.10
./configure --with-config-file-path=/usr/local/php/php.ini \
            --enable-force-cgi-redirect \
            --with-ldap \
            --enable-track-vars \
            --with-gettext \
            --with-openssl \
            --with-apache=../apache_1.3.33
make && sudo make install
cd ..

# Rebuild Apache with the freshly built PHP module linked in.
cd apache_1.3.33
./configure --prefix=/usr/local/apache-php \
            --activate-module=src/modules/php4/libphp4.a \
            --enable-module=rewrite --enable-module=proxy \
            --enable-module=digest \
            --server-uid=apache --server-gid=apache
make && sudo make install
cd ..

# Copy the recommended PHP settings as a starting point.
sudo mkdir -p /usr/local/php
sudo cp php-4.3.10/php.ini-recommended /usr/local/php
echo
echo "Now configure /usr/local/php/php.ini-recommended"
echo

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Text: bill+text at bfccomputing.com
AIM: wpmcgonigle                Skype: bill_mcgonigle
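
A post-upgrade check for the 4.3.10 threshold in the quoted notice, as an added example that is not part of the original message or of Bill's script. It is written in POSIX sh rather than tcsh; the function names and the sample banner lines are assumptions made for illustration, and the banner format assumed is the "PHP/x.y.z" token in an Apache Server header or the first line of `php -v`.

```sh
#!/bin/sh
# Added example (not from the original post): flag PHP 4.x older than 4.3.10.
FIXED="4.3.10"   # first fixed release named in the quoted ISP notice

# Extract x.y.z from a banner such as "Apache/1.3.33 (Unix) PHP/4.3.9"
# or the first line of `php -v` ("PHP 4.3.10 (cli) ...").
extract_php_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*PHP[/ ]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p'
}

# Succeed if version $1 is older than $2. Fields are compared as numbers:
# a plain string compare would rank 4.3.9 above 4.3.10.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Returns 0 = at or above FIXED, 1 = upgrade needed, 2 = cannot tell.
check_banner() {
    v=$(extract_php_version "$1")
    case "$v" in
        "")  echo "unknown: no PHP version in banner"; return 2 ;;
        4.*) ;;
        *)   echo "unknown: PHP $v is outside the 4.x line the notice covers"; return 2 ;;
    esac
    if version_lt "$v" "$FIXED"; then
        echo "upgrade needed: PHP $v predates $FIXED"; return 1
    fi
    echo "ok: PHP $v"
}

# Constructed sample banners, not captured from a real server.
while IFS= read -r banner; do
    check_banner "$banner" || true
done <<'EOF'
Apache/1.3.33 (Unix) PHP/4.3.9
Apache/1.3.33 (Unix) PHP/4.3.10
PHP 4.3.2 (cli) (built: Jan  1 2004 00:00:00)
Apache/1.3.33 (Unix)
EOF
```

A banner with no PHP token yields "unknown" rather than "ok", since a server can be configured not to advertise its PHP version.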



