News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Christopher Kunz's Blog:
How to increase PEAR security (and give admins a fuzzy feeling)
November 11, 2005 @ 06:09:47

In this new post from Christopher Kunz today on his blog, he talks a bit about the "lupii" attacks that have been happening and a suggestion for those maintaining the PEAR projects.

The latest PHP worm (lupii) attacks systems that are vulnerable to a remote code execution hole in PEAR::XMLRPC (or phpxmlrpc). It can only propagate on systems whose administrators have neglected to update PHP (or PEAR) in the last 3 months.

What if the PEAR project would introduce a flag for packets, say, "-security" and modify the PEAR installer accordingly. That flag should only be used for pure security fixes, without feature or BC breakage, so that it won't break anything at all (apart from the exploits).

He goes on mentioning that something like this would be a load off of your local web server admin's mind - just run a cron to look at a PEAR security channel and pick up the latest updates...

0 comments voice your opinion now!
pear security xmlrpc lupii pear security xmlrpc lupii


blog comments powered by Disqus

Similar Posts

Greg Beaver's Blog: Mac OS X ships with security hole-laden PEAR - how to upgrade immediately

PHPWomen.org: Bundled go-pear.phar broken in 5.2 windows releases

Ed Finkler's Blog: New Inspekt Build Available

Ken Guest's Blog: A response to "Better Postal/Zip Code Validation Method for CakePHP 1.2"

Spoono.com: RSS Parsing using PEAR


Community Events





Don't see your event here?
Let us know!


conference configure introduction community api release laravel opinion version list voicesoftheelephpant install extension unittest series podcast symfony interview language composer

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework