Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] WORM_SANTY.A and patch php
From: Marcus Meissner (meissnersuse.de)
Date: Mon Dec 27 2004 - 11:48:17 CST
> > We are working on php4 updates but we are not able to release them before
> > the second week of january since most developers and testers are not
> > available.
> It might have been wise to allow for vulnerabilities that get discovered
> during holidays. Worms don't usually keep track of people's vacations.
> > The SANTY.A worm itself spreads using a phpBB (a php forum software)
> > vulnerability, not by a bug in php4.
> Ahem! Marcus, that is most definitely not true. I refer you to
This exact worm does. I stand corrected.
Other worms might already exploit the php vulnerabilities, true.
I am follwoing the full-disclosure and bugtraq lists and currently no worm
that exploits those directly has been reported in my reading.
> where is adamantly stated "All Users of PHP are strongly encouraged to upgrade
> to this release as soon as possible". Seven CVE entries are fixed with this.
> Furthermore, newer worms attack PHP itself, not per se phpBB:
Yes, but we did not want to give you an untested update that
will cause more work on your and our side before christmas.
> PhpBB was the first symptom, but php has the vulnerability.
Yes. I expect we are going to see more of those. There are also
still lots of php based projects out which are unsufficiently
As for the php updates, we really wanted them to go out before Christmas,
but there was pretty much confusion about patches and additional fixes
and also reduced QA power due parallel kernel and samba problems.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----