IMP 2.2.6 (SECURITY) released

Anil Madhavapeddy anil@recoil.org
Sun, 22 Jul 2001 14:24:24 +0100


On Sat, Jul 21, 2001 at 05:22:22PM -0500, Brent J. Nordquist wrote:
>
> (1)  A PHPLIB vulnerability allowed an attacker to provide a value for
> the array element $_PHPLIB[libdir], and thus to get scripts from another
> server to load and execute.  This vulnerability is remotely exploitable.
> (Horde 1.2.x ships with its own customized version of PHPLIB, which has
> now been patched to prevent this problem.)

Incidentally, this problem is not remotely exploitable if you have
turned off transparent URL handling in the fopen() function in PHP.

Look in your php.ini file for this line:

allow_url_fopen = On

and turn it 'Off'.

Most applications don't need this URL parsing, and you should turn it on
specifically for those that do, rather than leaving it on as a default.

--
Anil Madhavapeddy, <anil@recoil.org>
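
Added example (not part of the original message): a small Python check for the php.ini setting discussed above, run over constructed php.ini snippets. It assumes that allow_url_fopen defaults to On when unset, that ';' starts a comment and that the last assignment wins; the function and sample names are made up for illustration.

```python
# Added example: report whether allow_url_fopen is effectively enabled.
import re

TRUE_WORDS = {"on", "true", "yes"}  # ini words read as boolean true (assumed)

def is_true(value):
    """Interpret an ini boolean: a true word or any non-zero integer."""
    v = value.strip().strip("\"'").lower()
    return v in TRUE_WORDS or (v.lstrip("-").isdigit() and int(v) != 0)

def effective_allow_url_fopen(ini_text):
    """Return (enabled, line_no) for allow_url_fopen in php.ini text.

    line_no is None when the directive is never set; the built-in
    default (On) applies then, so a missing or commented-out line is
    reported as enabled.
    """
    enabled, line_no = True, None
    for n, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        m = re.match(r"allow_url_fopen\s*=\s*(.*)$", line)  # name is case-sensitive
        if m:
            enabled, line_no = is_true(m.group(1)), n  # last assignment wins
    return enabled, line_no

# Constructed sample configurations (not taken from any real host).
SAMPLES = {
    "explicit_on":   "[PHP]\nallow_url_fopen = On\n",
    "commented_off": "[PHP]\n;allow_url_fopen = Off\n",
    "hardened":      "[PHP]\nallow_url_fopen = On\nallow_url_fopen = Off ; disabled\n",
}

def exposed(samples):
    """Names of configurations where URL-aware fopen() is still enabled."""
    return [name for name, text in samples.items()
            if effective_allow_url_fopen(text)[0]]

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        enabled, line_no = effective_allow_url_fopen(text)
        where = f"line {line_no}" if line_no else "default (directive not set)"
        print(f"{name}: allow_url_fopen = {'On' if enabled else 'Off'} via {where}")
```

The commented-out case is the one to watch: deleting or commenting the line does not disable the feature, only an explicit Off does.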