
Author Topic: PHP Vulnerabilities (Critical Update/Patch)  (Read 94198 times)

Offline Fizzy

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,676
  • Gender: Male
  • SMF World Domination
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #60 on: February 14, 2005, 08:34:35 AM »
Well, I would have thought that the most urgent would be an upgrade to PHP 4.3.10 together with the required Zend upgrade ;)
"Reality is merely an illusion, albeit a very persistent one." - A.E.


Offline forumite

  • Full Member
  • ***
  • Posts: 408
    • The RV Forum
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #61 on: March 02, 2005, 05:09:04 PM »
What should the permissions be set to for the two patch files? In the patch they're set to 644, but the existing two files on my server are set to 777.

TIA

Tom

Offline [Unknown]

  • SMF Friend
  • SMF Master
  • *
  • Posts: 36,102
  • Gender: Male
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #62 on: March 02, 2005, 05:11:55 PM »
What should the permissions be set to for the two patch files? In the patch they're set to 644, but the existing two files on my server are set to 777.

It doesn't matter.

Why chmod 777 is NOT a security risk

-[Unknown]

Offline MrFlicks

  • Jr. Member
  • **
  • Posts: 274
  • Gender: Male
  • Building Many Worlds
    • TVWorlds
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #63 on: March 30, 2005, 07:56:08 AM »
A number of vulnerabilities have been reported in PHP (the language in which SMF is written) which may allow attackers to compromise your site and/or server. While this is not SMF's fault, and indeed affects a huge number of respected PHP programs, patching it by upgrading PHP (the preferred method) or applying our own SMF patch is regarded as a critical update.

To patch these vulnerabilities in PHP completely, you should upgrade (or ask your host to upgrade) PHP to version 4.3.10 or 5.0.3.  However, be aware of a problem some people have encountered after upgrading PHP.

If this is not possible for some reason (or cannot be done immediately), you should download and apply the security patch available in the package manager, or extract and upload the attached zip file (for RC2 - a separate file is available for Charter Members.) The files on the downloads page have already been updated so, if you downloaded them after this post was made, you're fine already.  This patch is not required if your PHP version has been upgraded, although it will not cause any problems if installed.

We're still looking into the repercussions of some of the security holes found, but are committed to dealing with problems of this nature promptly, whatever the cause.

Regards,
Simple Machines

Would I still need this, say, for TVWorlds.com, or is this concerning an earlier version?

Offline Trekkie101

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,158
  • Gender: Male
  • Ad Astra!
    • https://www.facebook.com/DLRPRoundup on Facebook
    • @dlrproundup on Twitter
    • DLRP Roundup
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #64 on: March 30, 2005, 08:00:18 AM »
no  :)

Offline MrFlicks

  • Jr. Member
  • **
  • Posts: 274
  • Gender: Male
  • Building Many Worlds
    • TVWorlds
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #65 on: March 30, 2005, 10:22:13 AM »
Cool TY

Offline paulanator

  • Newbie
  • *
  • Posts: 1
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #66 on: January 12, 2007, 01:17:18 AM »
Thanks for the updates, my site was hacked too.

Offline Gary

  • Sorceress's Knight
  • Lead Customizer
  • SMF Super Hero
  • *
  • Posts: 18,429
  • Gender: Male
  • So this is the luck of the draw...
    • Gazmanafc on Facebook
    • garygadsdon on LinkedIn
    • @Gazmanafc on Twitter
    • Dissidia Opera Omnia Helper
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #67 on: January 12, 2007, 10:50:15 AM »
This topic hasn't been posted in for nearly two years...

This patch was for 1.0 RC2. It is included by default.

-AwwLilMaggie
Gary M. Gadsdon

Offline SBGamesCone

  • Semi-Newbie
  • *
  • Posts: 16
  • Gender: Male
    • Snackbar Games
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #68 on: January 26, 2007, 12:55:50 PM »
This topic hasn't been posted in for nearly two years...

This patch was for 1.0 RC2. It is included by default.

-AwwLilMaggie

Is there a new vulnerability that is out and being exploited?

http://www.surmunity.com/showthread.php?p=232560#post232560

Offline Fizzy

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,676
  • Gender: Male
  • SMF World Domination
Re: PHP Vulnerabilities (Critical Update/Patch)
« Reply #69 on: January 26, 2007, 03:20:06 PM »
What makes him think SMF is to blame? The fact that WordPress was compromised makes me suspect that this is not SMF related at all.

I find it quite invidious when people claim "SMF hacked" without even producing a single piece of evidence to show that it was to blame.
"Reality is merely an illusion, albeit a very persistent one." - A.E.