[wp-forums] Security warning: Some PHP flaws WP/WP plugins might have

ch0de r ch0de at msn.com
Thu Aug 25 22:50:31 GMT 2005


http://www.theinquirer.net/?article=25697

From The Inquirer:

"SECURITY BOFFINS have found a critical vulnerability in two PHP libraries 
that are used to provide web services and content management systems.

PHP is one of the most widely used scripting languages on the web and the 
flaws are in the XML-RPC for PHP and PEAR XML-RPC libraries.

Similar flaws were discovered in July and prompted an audit of the libraries 
by the Hardened-PHP Project, a group that was founded to protect PHP users 
and servers against security holes.

According to the Project's advisory here, the new flaw takes advantage of a 
technique similar to the earlier vulnerabilities, which involved eval() 
statements.

"To get rid of this and future eval() injection vulnerabilities, the 
Hardened-PHP Project has developed, together with the maintainers of both 
libraries, a fix that completely eliminates the use of eval() from the 
library", the report said.

Linux distributors such as Red Hat and Gentoo have already issued patches, 
but perhaps the biggest problem will be for those who have used content 
management systems that are built using PHP, such as PostNuke, Drupal, 
b2evolution and TikiWiki."

I guess this involves the plugin that stickies your post and probably other 
ones. I'm not sure if they're affected but I do know the stickie plugin does 
have some eval() code in there...
