Solved

php upgrade

Posted on 2002-03-07
3
244 Views
Last Modified: 2012-05-04
Hello,

With the recent announcement of the PHP exploit (see http://www.php.net), I have been charged with upgrading all of our servers.  All of them went smoothly - except for one:

Redhat Linux 5.2
Redhat Secureweb 2.0 (Redhat's Apache with SSL, based on Apache 1.3.1)
PHP 3.0.5
(Yes, I know these are all old!)

I have tried the following:
- Dropping in a patched 3.0.18 libphp3.so, compiled on another machine
I gotten several errors, the showstopper being:
undefined symbol: ap_regexec
- compiling 3.0.18 on the Redhat 5.2

- patching and compiling 3.0.5 on the Redhat 5.2
Can't even get it patched, as there are several code changes to the mime.c, I tried dropping in the mime.c from the 3.0.18 and compiling, but no luck.

Is there anyone that has had this situation and was able to upgrade?  Please help!

Thanks,

Tom
0
Comment
Question by:tom419
3 Comments
 
LVL 3

Accepted Solution

by:
rycamor earned 300 total points
ID: 6879164
1. Are you sure your patch was successful? How about documenting exactly what you did to patch the PHP 3.0.18 source, and then your steps to compile.

2. You might not be vulnerable anyway, because the exploit was only documented for PHP versions 3.0.10-3.0.18.

3. BTW, the simple fix, if you don't want to update, is just to disable file uploads in php.ini. If you really need file upload capability, just find a good Perl CGI script for that and call it a day.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now