1
Hennessy
PHP vulnerabilities - unserialize() function
  • 2004/12/18 0:20

  • Hennessy

  • Just popping in

  • Posts: 30

  • Since: 2003/10/28


As per this announcement blatently stolen from slashdot, does the XOOPS API use the unserialize() function and is it vulnerable to this security hole in PHP?

I have recompiled PHP anyhow just to be safe, but just wondering if 90% of xoopsers who are hosted on shared hosting and cannot recompile themselves, if they are vulnerable to this.

And what measures other than upgrading php can be taken to secure XOOPS from this - assuming of course that it uses the unserialize() function at all.

Heno.

2
ajaxbr
Re: PHP vulnerabilities - unserialize() function
  • 2004/12/18 1:21

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


Yes it uses, and I'd guess it's vulnerable due to the kind of use it has. Damn it, PHP

3
Rhomal
Re: PHP vulnerabilities - unserialize() function
  • 2004/12/18 4:27

  • Rhomal

  • Quite a regular

  • Posts: 274

  • Since: 2004/10/5


I stopped apache, deleted the PHP folder, copied the new folder over and then copied the 2 .DLL's I needed to the system32 folder. Restarted apache. done in about 45 secs.

Really not that hard to update PHP.

Only real issue as was mentioned above is if you dont own/have admin rights then thats a issue sadly

Login

Who's Online

342 user(s) are online (306 user(s) are browsing Support Forums)


Members: 0


Guests: 342


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits