16 Comments
- nOOBert, on 10/12/2007, -0/+0 Most good ISPs will have installed the fix if and when it is released, if it hasn't been already.
- inactive, on 10/12/2007, -0/+0 d'oh, not again.
- mcewen98, on 10/12/2007, -0/+0 Unless this is even newer, Drupal has already been fixed. Version 4.6.3 was released on August 14th. Drupal states:
"Drupal 4.6.3 also fixes a new security vulnerability in the third-party XML-RPC library that Drupal ships with.....If you cannot upgrade at once, we strongly suggest that you remove the xmlrpc.php file from your Drupal installation's root directory. The xmlrpc.php file is used only for Drupal to receive XML-RPC calls."
- 1337geek, on 10/12/2007, -0/+0 craptastic, of course php rules a good portion of the internet, especially among free cms's.
- inactive, on 10/12/2007, -0/+0 by the way, the command to patch most systems will be:
$ pear upgrade XML_RPC
as root.
- phoenixdig, on 10/12/2007, -0/+0 I wish the headline on the related story was a bit more accurate. They make it sound like the php engine is to blame when it's just a library written in php that is commonly used.
I am sure there are many libraries out there that are buggy; that doesn't mean the language is prone to hacks. Just the stupid scripters' code.
- mcewen98, on 10/12/2007, -0/+0 More info and which products have patches here: http://www.securityfocus.com/bid/14560/solution
- skoopmanschap, on 10/12/2007, -0/+0 awaits Pivotlog patch for the third time in a row.
- inactive, on 10/12/2007, -0/+0 good thing I don't use ***** pear.
- inactive, on 10/12/2007, -0/+0 "So, Doofus, you'd rather use closed source proprietary software, having just as many or more vulnerabilities, living in ignorance, with far fewer people around to see the source code and notice the vulnerability before someone malicious finds it?"
Pretty much. I don't have as many vulnerabilities when people don't know how my code works. :)
"It has no business model and it is taking away money from poor and starving programmers."
Amen.
- Snuffkin, on 10/12/2007, -0/+0 So, Doofus, you'd rather use closed source proprietary software, having just as many or more vulnerabilities, living in ignorance, with far fewer people around to see the source code and notice the vulnerability before someone malicious finds it?
- fidosax, on 10/12/2007, -0/+0 I wonder if this is how un-root nailed an entire local school system's network? Pretty heartless if you ask me.
- jkearney, on 10/12/2007, -1/+0 ^^ you suck
- doofus, on 10/12/2007, -2/+0 I avoid open source software like the plague. It has no business model and it is taking away money from poor and starving programmers.
- doofus, on 10/12/2007, -4/+2 This is the sole reason why I only use closed sourced proprietary software.

