 
 From:  Chet Harvey <chet at pittech dot com>
 To:  Eric Shorkey <eshorkey at commonpointservices dot com>
 Cc:  taharka <res00vl8 at alltel dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Upgrade to PHP5
 Date:  Sat, 17 Jul 2004 22:26:50 -0400
Also since the only way to exploit would be from inside the network (GUI 
should be set to LAN only) you would have more to worry about than your 
firewall if someone is trying to hack it. As a rule of thumb I only allow
authorized internal addresses to the GUI LAN interface.....

WAN side should never see GUI....

Quoting Eric Shorkey <eshorkey at commonpointservices dot com>:

> I would imagine that since the exploits listed require the ability to feed
> your own scripts to php, the answer will be no, it is not subject to these
> security holes. Yes it uses exploitable versions, but the way that php is
> used does not allow for the exploit to be accessible. Not unless m0n0wall
> blindly executes uploaded data as php code, for some unknown reason. The
> only people that are at risk here are hosting providers.
> 
> 
> ----- Original Message ----- 
> From: "taharka" <res00vl8 at alltel dot net>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Saturday, July 17, 2004 7:36 PM
> Subject: Re: [m0n0wall] Upgrade to PHP5
> 
> 
> > On Sat, 2004-07-17 at 17:49, Michael Iedema wrote:
> > > > that you wouldn’t need to install mysql, which is a large binary and
> > > > can use a lot of RAM.
> > >
> > > m0n0wall does not require MySQL
> >
> > True m0n0wall does not require MySQL but, is it vulnerable to the
> > security holes mentioned here?
> >
> > http://pcworld.co.nz/news.nsf/0/4D6AE0157B37ACDCCC256ED200693BB3?OpenDocument
> > Been meaning to ask this since Friday but, thought someone else would
> > beat me to it ;-)
> >
> > taharka
> >
> > Lexington, Kentucky U.S.A.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 
> 
> 
> 


-- 
Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets
703.407.7311