IMP 2.2.6 (SECURITY) released
Anil Madhavapeddy
anil@recoil.org
Sun, 22 Jul 2001 14:24:24 +0100
On Sat, Jul 21, 2001 at 05:22:22PM -0500, Brent J. Nordquist wrote:
>
> (1) A PHPLIB vulnerability allowed an attacker to provide a value for
> the array element $_PHPLIB[libdir], and thus to get scripts from another
> server to load and execute. This vulnerability is remotely exploitable.
> (Horde 1.2.x ships with its own customized version of PHPLIB, which has
> now been patched to prevent this problem.)
Incidentally, this problem is not remotely exploitable if you have
turned off transparent URL handling in the fopen() function in PHP.
Look in your php.ini file for this line:
allow_url_fopen = On
and turn it 'Off'.
Most applications don't need this URL parsing, and you should turn it on
specifically for those that do, rather than leaving it on as a
default.
--
Anil Madhavapeddy, <anil@recoil.org>