Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

php upgrade

Hello,

With the recent announcement of the PHP exploit (see http://www.php.net), I have been charged with upgrading all of our servers.  All of them went smoothly - except for one:

Redhat Linux 5.2
Redhat Secureweb 2.0 (Redhat's Apache with SSL, based on Apache 1.3.1)
PHP 3.0.5
(Yes, I know these are all old!)

I have tried the following:
- Dropping in a patched 3.0.18 libphp3.so, compiled on another machine
I gotten several errors, the showstopper being:
undefined symbol: ap_regexec
- compiling 3.0.18 on the Redhat 5.2

- patching and compiling 3.0.5 on the Redhat 5.2
Can't even get it patched, as there are several code changes to the mime.c, I tried dropping in the mime.c from the 3.0.18 and compiling, but no luck.

Is there anyone that has had this situation and was able to upgrade?  Please help!

Thanks,

Tom
0
tom419
Asked:
tom419
1 Solution
 
rycamorCommented:
1. Are you sure your patch was successful? How about documenting exactly what you did to patch the PHP 3.0.18 source, and then your steps to compile.

2. You might not be vulnerable anyway, because the exploit was only documented for PHP versions 3.0.10-3.0.18.

3. BTW, the simple fix, if you don't want to update, is just to disable file uploads in php.ini. If you really need file upload capability, just find a good Perl CGI script for that and call it a day.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now