[ previous ] [ next ] [ threads ]
 
 From:  "Eric Shorkey" <eshorkey at commonpointservices dot com>
 To:  "taharka" <res00vl8 at alltel dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Upgrade to PHP5
 Date:  Sat, 17 Jul 2004 20:27:40 -0400
I would imagine that since the exploits listed require the ability to feed
your own scripts to php, the answer will be no, it is not subject to these
security holes. Yes it uses exploitable versions, but the way that php is
used does not allow for the exploit to be accessible. Not unless m0n0wall
blindly executes uploaded data as php code, for some unknown reason. The
only people that are at risk here are hostnig providers.


----- Original Message ----- 
From: "taharka" <res00vl8 at alltel dot net>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Saturday, July 17, 2004 7:36 PM
Subject: Re: [m0n0wall] Upgrade to PHP5


> On Sat, 2004-07-17 at 17:49, Michael Iedema wrote:
> > > that you wouldn’t need to install mysql, which is a large binary and
can use
> > > a lot of RAM.
> >
> > m0n0wall does not require MySQL
>
> True m0n0wall does not require MySQL but, is it vulnerable to the
> security holes mentioned here?
>
http://pcworld.co.nz/news.nsf/0/4D6AE0157B37ACDCCC256ED200693BB3?OpenDocument
> Been meaning to ask this since Friday but, thought someone else would
> beat me to it ;-)
>
> taharka
>
> Lexington, Kentucky U.S.A.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>