Gentoo Forums
php version and new virus Lupper
spottraining
n00b

Joined: 30 Jan 2005
Posts: 73
Location: Estonia

Posted: Mon Nov 07, 2005 5:52 pm    Post subject: php version and new virus Lupper

Hello

I found information in the news about a new virus called Lupper, so I thought I would check whether my server is OK.
As far as I know, I have installed the latest php and mod_php. But when I look at phpinfo, it shows PHP Version 4.4.0-gentoo-r1, while emerge search php gives me this output:
Code:
dev-php/php
      Latest version available: 4.4.0-r4
      Latest version installed: 4.4.0-r4
      Size of downloaded files: 4,372 kB
      Homepage:    http://www.php.net/
      Description: PHP Shell Interpreter
      License:     PHP-3

dev-php/mod_php
      Latest version available: 4.4.0-r9
      Latest version installed: 4.4.0-r9
      Size of downloaded files: 4,372 kB
      Homepage:    http://www.php.net/
      Description: Apache module for PHP
      License:     PHP-3


Apache was restarted after the update.

Is it normal that it shows PHP Version 4.4.0-gentoo-r1? The build date is correct; it is the date when I updated my system.

And also - how can I be sure that my server is not at risk? PHP is running in default mode.
_________________
Sorry about bad English - I am learning....

The box said Windows XP or better, so I installed Linux
hanj
Veteran

Joined: 19 Aug 2003
Posts: 1500

Posted: Mon Nov 07, 2005 6:08 pm

I can confirm that I get the same thing.
Code:
phpinfo()
PHP Version 4.4.0-gentoo-r1


Code:
[ebuild   R   ] dev-php/mod_php-4.4.0-r9


hanji
F.Ultra
Apprentice

Joined: 17 Mar 2004
Posts: 169
Location: Sweden

Posted: Mon Nov 07, 2005 6:18 pm

The affected piece of software on a Gentoo system should be this http://www.gentoo.org/security/en/glsa/glsa-200507-01.xml
spottraining
n00b

Joined: 30 Jan 2005
Posts: 73
Location: Estonia

Posted: Mon Nov 07, 2005 6:28 pm

F.Ultra wrote:
The affected piece of software on a Gentoo system should be this http://www.gentoo.org/security/en/glsa/glsa-200507-01.xml

OK
These packages are not installed
_________________
Sorry about bad English - I am learning....

The box said Windows XP or better, so I installed Linux
llongi
Retired Dev

Joined: 15 Apr 2004
Posts: 459
Location: Switzerland

Posted: Mon Nov 07, 2005 6:44 pm

The -gentoo-r1 is correct (it now is -pl1-gentoo, but that doesn't change much). Anyway, mod_php-4.4.0-r9 has all the security fixes, but from what I've read on that site on this worm, none of those will help, since it exploits bugs in web-applications, not in PHP itself, so also if you have the latest PHP version but use the Drupal from 1 year ago the worm will probably work... :)
Quote:
and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed.

Many of those worms and exploits can be prevented or limited by just turning safe_mode to ON, register_globals to OFF, allow_url_fopen to OFF and disable functions such as shell_exec, exec, system etc., this _will_ break some scripts and stuff, but what is coded to work only with those settings is either really special and you know exactly why and who and where this was made, and for what, or it's broken code that should get fixed.
_________________
Best regards, Luca.
spottraining
n00b

Joined: 30 Jan 2005
Posts: 73
Location: Estonia

Posted: Mon Nov 07, 2005 7:09 pm

CHTEKK wrote:

Many of those worms and exploits can be prevented or limited by just turning safe_mode to ON, register_globals to OFF, allow_url_fopen to OFF and disable functions such as shell_exec, exec, system etc., this _will_ break some scripts and stuff, but what is coded to work only with those settings is either really special and you know exactly why and who and where this was made, and for what, or it's broken code that should get fixed.

I don't find these functions like shell_exec and exec in my php.ini file :?
Is this normal?

I just want to be sure that there is no risk to my server when someone installs too old a CMS.
_________________
Sorry about bad English - I am learning....

The box said Windows XP or better, so I installed Linux
hanj
Veteran

Joined: 19 Aug 2003
Posts: 1500

Posted: Mon Nov 07, 2005 7:27 pm

You need to disable them in php.ini

find:
Code:
disable_functions =


And change it to
Code:
; the functions named earlier in the thread; extend the list as needed
disable_functions = shell_exec, exec, system


hanji
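
An added example, not part of the original thread: a small Python check that reads php.ini text and reports where it departs from the settings recommended above (safe_mode On, register_globals Off, allow_url_fopen Off, and shell_exec, exec and system in disable_functions). The function names, the sample file and the assumed PHP 4.4 built-in defaults for omitted directives are this example's own.

```python
import re

# Targets taken from the thread's advice (PHP 4.4-era directives).
WANT = {"safe_mode": True, "register_globals": False, "allow_url_fopen": False}
MUST_DISABLE = {"shell_exec", "exec", "system"}
# Assumption: PHP 4.4 built-in defaults apply when php.ini omits a directive.
DEFAULTS = {"safe_mode": "Off", "register_globals": "Off",
            "allow_url_fopen": "On", "disable_functions": ""}

# Constructed sample resembling an untouched default configuration.
SAMPLE = """\
[PHP]
safe_mode = Off
register_globals = Off
allow_url_fopen = On      ; remote URLs accepted by fopen/include
disable_functions =
"""

def parse_ini(text):
    """Return directive -> raw value; a later assignment overrides an earlier one."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)$", line)
        if m:
            conf[m.group(1)] = m.group(2).strip().strip("\"'")
    return conf

def is_on(value):
    """PHP treats 1/on/yes/true as enabled for boolean directives."""
    return value.strip().lower() in {"1", "on", "yes", "true"}

def audit(text):
    """List every point where the configuration departs from the advice."""
    conf = parse_ini(text)
    findings = []
    for key, want in WANT.items():
        if is_on(conf[key]) != want:
            target = "On" if want else "Off"
            findings.append(f"{key} should be {target}, found {conf[key]!r}")
    disabled = {f.strip() for f in conf["disable_functions"].split(",")}
    missing = sorted(MUST_DISABLE - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WEAK:", finding)
```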