Are you advise, I think:
####################################
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Web servers running PHP
Overview
Multiple vulnerabilities exist in the PHP scripting language. These
vulnerabilities could allow a remote attacker to execute arbitrary
code with the privileges of the PHP process.
I. Description
PHP is a scripting language widely used in web development. PHP can be
installed on a variety of web servers, including Apache, IIS, Caudium,
Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the
php_mime_split function may allow an intruder to execute arbitrary
code with the privileges of the web server. For additional details,
see
http://security.e-matters.de/advisories/012002.html
Web servers that do not have PHP installed are not affected by this
vulnerability.
The CERT/CC is tracking this set of vulnerabilities as VU#297363. At
this time, these vulnerabilities have not been assigned a CVE
identifier.
II. Impact
Intruders can execute arbitrary code with the privileges of the web
server, or interrupt normal operations of the web server.
III. Solution
Apply a Patch
Upgrade to PHP version 4.1.2, available from
[......]
--
Linux pour Mac !? Enfin le moyen de transformer
une pomme en v�ritable ordinateur.
JL.
/========================================>
| Olivier Thauvin - CNRS Service Aeronomie
| [EMAIL PROTECTED]
| 01 64 47 43 60 � Verri�res (lundi,mercredi et vendredi)
| 01 44 27 47 59 � Jussieu (Mardi et Jeudi)
| Fax:33 (0)1 69 20 29 99
| Service d'A�ronomie, R�duit de Verrieres
| Route des Gatines - BP 3
| 91371 Verrieres le Buisson Cedex
| France
\======>
