[maplab-users] SECURITY ADVISORY: Vulnerabilities in PHP 4.3.x

Daniel Morissette dmorissette at dmsolutions.ca
Fri Dec 17 12:24:58 EST 2004


Maplab users,

Some vulnerabilities have been identified and fixed in PHP 4/5 and the 
PHP team has just released PHP 4.3.10 (and 5.0.2) with those fixes. You 
can find out more at http://www.php.net/release_4_3_10.php

We are relaying this information to you because MapLab makes use of some 
of the vulnerable functions. Even though we have no evidence that Maplab 
installations or GMapFactory applications might be vulnerable to an 
exploit, you are strongly encouraged to upgrade your server 
installations to PHP 4.3.10.

For MS4W users, a new release of the MS4W package (v1.0.2) with PHP 
4.3.10 is also available at 
http://maptools.org/ms4w/index.phtml?page=downloads.html

Note that if you followed the recommendations in the Maplab 
documentation and password-protected your Maplab installation then your 
Maplab installation is much less likely to be vulnerable.

Excerpt from the Maplab docs:

    - MapLab contains some features that make it insecure (e.g., file
      browsers, DATA fields that contain paths, etc.) and for this reason
      it should ALWAYS be password-protected if installed on a public
      server.

Daniel
-- 
------------------------------------------------------------
  Daniel Morissette               dmorissette at dmsolutions.ca
  DM Solutions Group              http://www.dmsolutions.ca/
------------------------------------------------------------


More information about the Maplab-users mailing list