| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080111125110.jz4kpeqxbkoogkw8@192.168.168.10> Date: Fri, 11 Jan 2008 12:51:10 -0600 From: trains <trains@...torunix.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: FWD: PhotoPost vBGallery ImportantSecurity Bulletin Quoting php0t <php0t@...ro.hu>: > From: "trains" <trains@...torunix.com> >> The "AddType" statement for php is normally system-wide, which means >> the web server will execute php scripts that may be found in the >> upload directory. This can be fixed multiple ways: > > They will just place an .htaccess and do addtype themselves. > "php_admin_flag engine off" will probably render most of the issues you > mentioned useless in one shot. I had never heard of that flag before. Nice. http://us.php.net/manual/es/ref.apache.php I don't think I like seeing php and apache being so tightly coupled, but I suppose we need to live in the real world, eh? tr ------------------------------------------------- Email solutions, MS Exchange alternatives and extrication, security services, systems integration. Contact: services@...torunix.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists