PHP Security Warning

   Hello everyone.  As a courtesy to the community I'd like to share the following information.
Please be advised that an apparently very serious PHP vulnerability has turned up.   Details are at the following links as well as http://php.net/.  
Apparently a team discovered this vulnerabilty while conducting a "white hat" hacking event, told the authors at PHP about the vulnerability, and some months later while the PHP folks were still developing a fix, they themselves (the PHP folks) managed to reveal the details of the vulnerabiity to the public.  Brilliant...

http://threatpost.com/en_us/blogs/serious-remote-php-bug-accidentally-disclosed-050312   
http://thehackernews.com/2012/05/un-patched-php-cgi-remote-code.html 
I received the information about this from multiple sources and it looks like folks are taking this pretty seriously.
From what I have read, this vulnerability only affects Linux servers, and I have not yet seen anything saying that it will impact Windows servers.  Preferring to take a posture of caution, we are already taking precautions with our own servers.
I'd recommend you  refer to the above articles in communicating with whomever you host with, ask them to asses the risk, and requesting that they take any appropriate actions.
Never a dull moment is it?

Author	Message Share Topic Printable Version Delicious Digg Facebook Furl Google Boomarks Google Buzz MySpace Newsvine reddit StumbleUpon Translate Twitter Windows Live Yahoo Bookmarks Topic Search Topic Options Post Reply Create New Topic
Greg Dinger Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Certified ProductCart Developers Joined: 23-September-2006 Location: United States Online Status: Offline Posts: 1808	Post Options Post Reply Quote Greg Dinger Report Post Quote Reply Topic: PHP Security Warning Posted: 05-May-2012 at 12:52am
	Hello everyone. As a courtesy to the community I'd like to share the following information. Please be advised that an apparently very serious PHP vulnerability has turned up. Details are at the following links as well as http://php.net/. Apparently a team discovered this vulnerabilty while conducting a "white hat" hacking event, told the authors at PHP about the vulnerability, and some months later while the PHP folks were still developing a fix, they themselves (the PHP folks) managed to reveal the details of the vulnerabiity to the public. Brilliant... http://threatpost.com/en_us/blogs/serious-remote-php-bug-accidentally-disclosed-050312 http://thehackernews.com/2012/05/un-patched-php-cgi-remote-code.html I received the information about this from multiple sources and it looks like folks are taking this pretty seriously. From what I have read, this vulnerability only affects Linux servers, and I have not yet seen anything saying that it will impact Windows servers. Preferring to take a posture of caution, we are already taking precautions with our own servers. I'd recommend you refer to the above articles in communicating with whomever you host with, ask them to asses the risk, and requesting that they take any appropriate actions. Never a dull moment is it?
	GreyBeard Design Group Certified ProductCart Developer Web Design/Development/Hosting Add-Ons & Custom Code \| Stores