|
||||||||
I would imagine that since the exploits listed require the ability to feed your own scripts to php, the answer will be no, it is not subject to these security holes. Yes it uses exploitable versions, but the way that php is used does not allow for the exploit to be accessible. Not unless m0n0wall blindly executes uploaded data as php code, for some unknown reason. The only people that are at risk here are hostnig providers. ----- Original Message ----- From: "taharka" <res00vl8 at alltel dot net> To: <m0n0wall at lists dot m0n0 dot ch> Sent: Saturday, July 17, 2004 7:36 PM Subject: Re: [m0n0wall] Upgrade to PHP5 > On Sat, 2004-07-17 at 17:49, Michael Iedema wrote: > > > that you wouldn’t need to install mysql, which is a large binary and can use > > > a lot of RAM. > > > > m0n0wall does not require MySQL > > True m0n0wall does not require MySQL but, is it vulnerable to the > security holes mentioned here? > http://pcworld.co.nz/news.nsf/0/4D6AE0157B37ACDCCC256ED200693BB3?OpenDocument > Been meaning to ask this since Friday but, thought someone else would > beat me to it ;-) > > taharka > > Lexington, Kentucky U.S.A. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > |