#1

Secunia reports several new vulnerabilities for PHP which have <allegedly>
been fixed in the release 4.4.8. (http://secunia.com/advisories/28318/)
Among those are:
Integer overflow error in the "chunk_split()" function
Integer overflow errors in "strcspn()" & "strspn()" frequently used
Regression error in "glob()" function
SQL error as regards "LOCAL INFILE"
"session_save_path" and "error_log" can bypass "safe_mode"

These can all be remotely exploited.
Patch now or pay later!

BTW, they also released yet another advisory about a critical vulnerability
in Real Player. No patch is as yet provided.
(http://secunia.com/advisories/28276/). Careful about where you get your
media files, particularly websites.
#2

I Hate Stock Spamz wrote:
> Secunia reports several new vulnerabilities for PHP which have <allegedly>
> been fixed in the release 4.4.8. (http://secunia.com/advisories/28318/)
> Among those are:
> Integer overflow error in the "chunk_split()" function
> Integer overflow errors in "strcspn()" & "strspn()" frequently used
> Regression error in "glob()" function
> SQL error as regards "LOCAL INFILE"
> "session_save_path" and "error_log" can bypass "safe_mode"
>
> These can all be remotely exploited.
> Patch now or pay later!
>
> BTW, they also released yet another advisory about a critical vulnerability
> in Real Player. No patch is as yet provided.
> (http://secunia.com/advisories/28276/). Careful about where you get your
> media files, particularly websites.
>

Considering PHP 4.x is past end of life, that's nothing new.

-- 
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
#3

I Hate Stock Spamz <mister@ellaneous.cn> wrote:
>These can all be remotely exploited.
>Patch now or pay later!

Paranoia aside, please explain:

1) How can these be remotely exploited, and to what ends?

2) How many sites are currently exploited, and what is being done
through those exploits?

(Facts please, I know this is AWW, but if the usual suspects could spare
us the usual bullshit)

X
#4

(Secret Agent X) wrote:
> I Hate Stock Spamz <mister@ellaneous.cn> wrote:
>
>>These can all be remotely exploited.
>>Patch now or pay later!
>
> Paranoia aside, please explain:
>
> 1) How can these be remotely exploited, and to what ends?

These are two questions, I'll answer the latter: the ends are often to
install software to send out spam / to scan for other exploitable sites /
to infect computers of visitors.

> 2) How many sites are currently exploited, and what is being done
> through those exploits?

Again two questions, will answer the latter: in some cases nothing until
it's reported, or the site owner notices a huge increase in traffic. The
latter can take weeks, or even months.

-- 
John Bokma http://johnbokma.com/
#5

John Bokma <john@castleamber.com> wrote:
>(Secret Agent X) wrote:
>
>> I Hate Stock Spamz <mister@ellaneous.cn> wrote:
>>
>>>These can all be remotely exploited.
>>>Patch now or pay later!
>>
>> Paranoia aside, please explain:
>>
>> 1) How can these be remotely exploited, and to what ends?
>
>These are two questions, I'll answer the latter: the ends are often to
>install software to send out spam / to scan for other exploitable sites /
>to infect computers of visitors.

No answer there then. Just more scaremongering.

>
>> 2) How many sites are currently exploited, and what is being done
>> through those exploits?
>
>Again two questions, will answer the latter: in some cases nothing until
>it's reported, or the site owner notices a huge increase in traffic. The
>latter can take weeks, or even months.

Again just more scaremongering. I assume that "I Hate Stock Spamz" who
posted the original scare story is financially involved in the AV
industry and wants to whip up more business. A bit like Alan Solomon and
John McCarthy used to do, when viruses were first invented.

X
#6

(Secret Agent X) wrote:
> No answer there then. Just more scaremongering.

I doubt you have any idea about programming, so you're way underqualified
to even weigh my answers, Mr Probert (I assume).

-- 
John Bokma http://johnbokma.com/
#7

"Secret AgentX" trolled:
> Again just more scaremongering. I assume that "I Hate Stock Spamz" who
> posted the original scare story is financially involved in the AV
> industry and wants to whip up more business. A bit like Alan Solomon

Yep, they're after ya'. Them scaremongers like Securityfocus and Secunia.
You just know that there's a plot in there somewhere to create panic and
steal your parent's hard earned cash.

I'll sure be glad when you kids get back in school next week.

BTW, if you had any ideas about these vulns you could easily find POC
scripts around the net, don't expect any of the grownups in here to
publish them for you.
#8

I Hate Stock Spamz <mister@ellaneous.cn> wrote:
>"Secret AgentX" trolled:
>> Again just more scaremongering. I assume that "I Hate Stock Spamz" who
>> posted the original scare story is financially involved in the AV
>> industry and wants to whip up more business. A bit like Alan Solomon
>
>Yep, they're after ya'. Them scaremongers like Securityfocus and Secunia.
>You just know that there's a plot in there somewhere to create panic and
>steal your parent's hard earned cash.
>
>I'll sure be glad when you kids get back in school next week.
>
>BTW, if you had any ideas about these vulns you could easily find POC
>scripts around the net, don't expect any of the grownups in here to
>publish them for you.
>

You have no idea who I am, do you? Ever heard of the goat files? I
remember them.

Anyway, as we can see, you have published no evidence to support your
claims, just scaremongering drivel. I suggest people just ignore this
rubbish and apply common sense, unless they like throwing money at the
corporate criminals.

X