Menu
▾
▴
Re: [Phpwebsite-developers] Serious issue
|
From: Jim W. <spi...@us...> - 2005-03-02 18:59:39
|
> From: Brady Bellinger > > Are sites that only allow trusted, registered users also affected by this issue? > To my knowledge our site does not allow anonymous users to submit announcements. > > Thanks, > > Brady Hi Brady, That might make a little bit of difference, but this is serious enough that you should do the patch. If you are running and older version or have a heavily modified installation, just add the new code in index.php to your index.php. Also do not be fooled by comments such as "normally only apache/nobody user access is attained". Such access is the first step of almost all breakins as it gives enough access to run a privelege escallation exploit. I would like to hear some other opinions on this as well, but that's currently my take on the situation. Best regards, Jim Wilson |
