
PHP harden advisory

Posted: Sun Dec 26, 2004 1:11 am
by fresh
What was the point of that advisory? I would still like to know two things:

1. How to do it
2. How to stop it

Is this something to do with server config, or poor coding, perhaps both?

Someone please enlighten me.

EDIT: spammers suck, down with all spam. :)

P.s. Merry X-Mas.. :D

Re: PHP harden advisory

Posted: Sun Dec 26, 2004 7:30 am
by Weirdan
fresh wrote: What was the point of that stupid advisory? It read more like a marketing brochure for their group than a security advisory.. who the hell posts a security advisement without proving it works?

You need the PoC? Search the bugtraq mailing list.

fresh wrote: ... I would still like to know two things:
1. How to do it

Why do you need it? :lol:

fresh wrote: 2. How to stop it

Upgrade to the latest version :lol:

fresh wrote: Is this something to do with server config, or poor coding, perhaps both? If this vulnerability can allow someone to run shell code, then I'd say these guys need to come up with something better than upgrade to the latest, or try my product..

What's so wrong with upgrading?

fresh wrote: I don't know how respectable these guys are

Stefan Esser is respectable enough.

fresh wrote: I just think it is completely absurd to say this and this can happen and then to turn around and say oh and we aren't telling you s**t about how to stop it or fix it or to provide an example of what makes it happen.. I mean how else are we to work to fix it otherwise?

It's already fixed. In latest versions of php (for both branches).

fresh wrote: EDIT: And what the f**k is up with these dumbasses spamming this forum!!

If you ever notice spam, just notify moderators. We will take necessary actions. No need to start any rant.

PS: I have a strong intention to edit your post. Please do it yourself to keep the points you made there, but choose different wording.

Posted: Sun Dec 26, 2004 7:51 pm
by d3ad1ysp0rk
What would you have liked them to do? Keep to themselves or just email the php creators? The whole point was to inform the masses that their current version wasn't completely secure.

It's not like php.net released a new version THEN these guys said something, the new version was due to their discovery.

I'd think they deserve more of a thank you than an F you..

Posted: Sun Dec 26, 2004 10:24 pm
by fresh
My fault guys, I just think it's unfair for them to spam the smurf out of this forum, if it were me, I'd give them a huge overdose of clicks.. but to each their own.

oh so it's been fixed.. well then that's a totally different story, good job dudes :D

btw I edited my old post, dang I was angry then.. :lol: