Re: [Wikitech-l] Security alert: PHP 5.4.3 windows version upload exploit

** Keine Antwort erforderlich ** no reply needed ** FYI: I just received the following information http://www.heise.de/newsticker/meldung/Ungepatche-Luecke-in-aktueller-PHP-V… (German) https://isc.sans.edu/diary.html?storyid=13255 "Clarifications/Updates to the original diary: - This is NOT remote exploitable. An exploit would require the attacker to upload PHP code to the server, at which point, the attacker could just use PHP to run shell commands via "exec". - only the windows version is vulnerable" "There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo <http://php.net/manual/en/function.com-print-typeinfo.php> function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port." ** Keine Antwort erforderlich ** no reply needed ** _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l