[maplab-users] SECURITY ADVISORY: Vulnerabilities in PHP 4.3.x
Daniel Morissette
dmorissette at dmsolutions.ca
Fri Dec 17 12:24:58 EST 2004
Maplab users,
Some vulnerabilities have been identified and fixed in PHP 4/5 and the
PHP team has just released PHP 4.3.10 (and 5.0.2) with those fixes. You
can find out more at http://www.php.net/release_4_3_10.php
We are relaying this information to you because MapLab makes use of some
of the vulnerable functions. Even though we have no evidence that Maplab
installations or GMapFactory applications might be vulnerable to an
exploit, you are strongly encouraged to upgrade your server
installations to PHP 4.3.10.
For MS4W users, a new release of the MS4W package (v1.0.2) with PHP
4.3.10 is also available at
http://maptools.org/ms4w/index.phtml?page=downloads.html
Note that if you followed the recommendations in the Maplab
documentation and password-protected your Maplab installation then your
Maplab installation is much less likely to be vulnerable.
Excerpt from the Maplab docs:
- MapLab contains some features that make it insecure (e.g., file
browsers, DATA fields that contain paths, etc.) and for this reason
it should ALWAYS be password-protected if installed on a public
server.
Daniel
--
------------------------------------------------------------
Daniel Morissette dmorissette at dmsolutions.ca
DM Solutions Group http://www.dmsolutions.ca/
------------------------------------------------------------
More information about the Maplab-users
mailing list