  • CTW Members

There's a new version of PHP released, version 4.3.10, and anyone using a version below that is advised to upgrade immediately due to a number of discovered security issues.


the main issues are:


These include the following:


CAN-2004-1018 - shmop_write() out of bounds memory write access.

CAN-2004-1018 - integer overflow/underflow in pack() and unpack() functions.

CAN-2004-1019 - possible information disclosure, double free and negative reference index array underflow in deserialization code.

CAN-2004-1020 - addslashes() not escaping \0 correctly.

CAN-2004-1063 - safe_mode execution directory bypass.

CAN-2004-1064 - arbitrary file access through path truncation.

CAN-2004-1065 - exif_read_data() overflow on long sectionname.

magic_quotes_gpc could lead to one level directory traversal with file uploads.



What this means basically is that sites using certain scripts, mainly vBulletin, Invision & phpBB, are vulnerable to attacks from mysql injection on a server-wide basis. Even though your site may not be vulnerable as it doesn't use those functions above, it doesn't stop this bug, as any other site hosted on the same servers your site is on can easily be affected and could take your site down too.


With that in mind, there's a new worm going round exploiting this vulnerability by injecting and running a Perl script which allows the virus to traverse server directories whether safe mode is enabled or not. The worm searches the server for world-writable files (chmod 666 & 777); it then overwrites them all with a defacement message, and your site is unusable till you replace all the deleted files.


This is not a HOAX either; I myself have been on the phone doing tech support and having conversations with the host of the sites I have created for other people all day long.


There is nothing you can do as a user, other than inform your server hosts and get them to upgrade ASAP. Also note that due to incompatibilities between versions, when upgrading make sure they also upgrade Zend Optimizer or you'll find your site will no longer function correctly.


Thought I'd let you know just in case :)


regards all & Merry Xmas
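
Added example, not part of the original post: a shell audit for the world-writable files and directories (modes such as 666 and 777) that the post says the worm overwrites, plus a step that clears the other-write bit. The function names and the web-root path passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for world-writable
# files and directories, the targets the post says the worm overwrites.
# Function names and the directory argument are assumptions.

# list_world_writable DIR
# Print every regular file or directory under DIR whose mode has the
# "other write" bit (0002) set, e.g. 666 or 777. Symlinks are not matched
# because their own mode bits do not control access.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# count_world_writable DIR
# Print the number of entries list_world_writable reports (0 if none).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# tighten_world_writable DIR
# Clear only the other-write bit on the entries found above, so 666 becomes
# 664 and 777 becomes 775. Owner and group permissions are left untouched.
# An upload directory that relied on world-write will then need the web
# server's user or group as owner instead.
tighten_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# When run with a directory argument, report what is exposed and how many.
if [ -n "${1:-}" ]; then
    list_world_writable "$1"
    echo "world-writable entries: $(count_world_writable "$1")"
fi
```

Run it with the site's document root as the argument to get the report; call `tighten_world_writable` only after reviewing the list.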



  • CTW Admin



Cheers for that - I am hoping to have a bit of time over Xmas to upgrade the board and possibly PHP etc., but it's all dependent on work I'm afraid and exactly how much spare time I will have in order to carry this out (currently not looking good!) :(

CTW FounderClubTheWorld.uk | Twitter | Instagram
Clubbing the world together ...

  • CTW Admin

Hey Dani - site is perfectly safe hun! lol


Hope to see you out over Xmas Dani?


  • CTW Moderators

Hey, all's cool, and no, not clubbing till next year now

even though my dad has just said he wants Shay on New Year's Eve GET IN

I am just gonna go out with my bf to a club in Leamington and get drunk

I can't afford travel and the price of clubbing on a New Year's Eve when I've just bought 200 quid's worth of presents for my kids lmao


Will defo sort summat in New Year, I fancy 2 nights lol, Rocket Club or Wildchild in Feb

🎧20,000 Hardcore members,  I say the future is ours🎧

