As stated in Appendix A of the full advisory, Debian stable and
testing are not vulnerable.
This is because they are still using PHP 4.1.x (the exploit only affects
PHP 4.2.0 and 4.2.1).
Debian unstable (i.e. sid) is vulnerable, as it uses PHP 4.2.1, and from
what I can see as of this posting, it hasn't been updated to 4.2.2 yet.
I assume a package will be forthcoming very soon though :-)
Alvise Belotti wrote:
Does anyone know if this affects Debian Woody (php4
4.1.2-4) too?
Tnx
----- Forwarded message from CERT Advisory <[email protected]> -----
Date: Mon, 22 Jul 2002 19:09:01 -0400 (EDT)
From: CERT Advisory <[email protected]>
To: [email protected]
Organization: CERT(R) Coordination Center - +1 412-268-7090
Subject: CERT Advisory CA-2002-21 Vulnerability in PHP
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-21 Vulnerability in PHP
Original release date: July 22, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Systems running PHP versions 4.2.0 or 4.2.1
Overview
A vulnerability has been discovered in PHP. This vulnerability could
be used by a remote attacker to execute arbitrary code or crash PHP
and/or the web server.
[...cut...]
----- End forwarded message -----
Alvise Belotti,