Difference between revisions of "Vuln php fsockopen"

From Atomicorp Wiki
(Created page with "= PHP Function fsockopen() allows an attacker to open sockets = PHP Function fsockopen() allows an attacker to open sockets, useful for spamming, remote inclusion, shells and...")
 
m
 
Line 11: Line 11:
 
Step 2: Scroll down to PHP_CHECKS and make sure this is set to "yes".  By default ASL will only warn about PHP vulnerabilities.  If you set this to yes, it will also fix these vulnerabilities.  If this is set to "no" the next step will not work, so set this to "yes".
 
Step 2: Scroll down to PHP_CHECKS and make sure this is set to "yes".  By default ASL will only warn about PHP vulnerabilities.  If you set this to yes, it will also fix these vulnerabilities.  If this is set to "no" the next step will not work, so set this to "yes".
  
Step 3: Scroll down to ALLOW_curl_exec and set this to "no".
+
Step 3: Scroll down to ALLOW_fsockopen and set this to "no".
  
 
Step 4: Click the "update" button.
 
Step 4: Click the "update" button.
  
 
This will resolve this vulnerability.
 
This will resolve this vulnerability.
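
Review bot: Step 3 previously named ALLOW_curl_exec, so a reader who followed the earlier revision changed a different setting and still has fsockopen enabled. The edit is flagged minor ("m") even though it changes which setting the remediation targets. Consider recording the correction in the edit summary so those readers re-check ALLOW_fsockopen.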

Latest revision as of 18:06, 10 February 2012

PHP Function fsockopen() allows an attacker to open sockets

The PHP function fsockopen() allows an attacker to open sockets, which is useful for spamming, remote inclusion, shells and other malicious activity.

Next Steps

If this risk is unacceptable for your system, then you will want to disable this capability in PHP.

Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen.

Step 2: Scroll down to PHP_CHECKS and make sure this is set to "yes". By default ASL will only warn about PHP vulnerabilities. If you set this to yes, it will also fix these vulnerabilities. If this is set to "no" the next step will not work, so set this to "yes".

Step 3: Scroll down to ALLOW_fsockopen and set this to "no".

Step 4: Click the "update" button.

This will resolve this vulnerability.
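
One way to confirm the result after Step 4, as an added example that is not from this wiki page or from ASL: a shell check that reads a php.ini-style file and reports whether fsockopen is listed in PHP's disable_functions directive. It assumes ASL applies ALLOW_fsockopen through that directive (the page does not say how). The function names `is_disabled` and `sample_ini` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ASL code. Assumption: ALLOW_fsockopen="no" ends up as an
# entry in PHP's disable_functions directive.

# is_disabled FILE FUNCTION -> exit 0 if FUNCTION is an exact entry in the
# last active disable_functions line of FILE, exit 1 otherwise.
is_disabled() {
    awk -v fn="$2" '
        /^[ \t]*;/ { next }                    # skip commented-out lines
        /^[ \t]*disable_functions[ \t]*=/ {
            val = $0
            sub(/^[^=]*=/, "", val)            # keep only the value
            sub(/;.*$/, "", val)               # strip a trailing comment
            gsub(/[" \t\r]+/, ",", val)        # quotes/whitespace -> separators
            last = val                         # a later line replaces an earlier one
            seen = 1
        }
        END {
            if (!seen) exit 1
            n = split(last, names, ",")
            # Exact match only: "pfsockopen" must not count as "fsockopen".
            for (i = 1; i <= n; i++)
                if (names[i] == fn) exit 0
            exit 1
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real server).
sample_ini() {
    cat <<'EOF'
; disable_functions = fsockopen
disable_functions = "exec, pfsockopen"
[PHP]
disable_functions = exec,fsockopen , system   ; hardened
EOF
}

tmp=$(mktemp)
sample_ini > "$tmp"
if is_disabled "$tmp" fsockopen; then
    echo "fsockopen: disabled"
else
    echo "fsockopen: still enabled"
fi
rm -f "$tmp"
```

To check a live system, pass the configuration file reported by `php --ini` instead of the sample file.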
