Major bug found in PHP.

CougTek

PHP versions older than 4.3.10 or 5.0.3 are plagued by an erratum that could leave their database wide open to malicious minds:

The exploit, which affects php versions prior to 4.3.10 or 5.0.3, uses errors in the way that serialisation and realpath commands are handled to gain escalated privileges, bypass some security restrictions and compromise a vulnerable system. Many web administrators are suffering problems from hackers that have been quick to do what damage they can - we know that Inq favourite the Ace of Spodes has been having troubles.

The solution to the exploit is to upgrade to the latest version of php - either 4.3.10 or 5.0.3, depending on which thread you are running. The 4.3.10 build also includes some 5.x bugfixes and features which have been ported backwards.

News source

Are we safe?
 

Handruin

Administrator
Working on it.

I've asked the hosting company to address this issue. They started upgrading servers a few hours ago. If SF is down in the next couple of days, this could be the reason. Downtime should be less than 15 minutes. They have not said what time this will occur.

As far as the forum is concerned, the code is at the latest version.
 