[Owncloud] centos 6.4 : php CVE-2006-7243 warning

Erwin Rennert rennert at zsi.at
Mon Sep 30 14:02:55 UTC 2013


Please don't jump to conclusions.
It might very well be that centos patched the "old" PHP version a long 
time ago. I doubt the owncloud installation routine actually checks for 
the vulnerability. It probably only checks for the PHP version number 
and certainly has no knowledge of any given distribution's patch history.

BTW, CVE-2006-7243 is from 2006, not 2010.

Kind regards,
E.R.


On 09/30/2013 03:25 PM, Adrian Sevcenco wrote:
> Hi! i just installed the owncloud on an updated centos 6.4 and i have
> this warning:
> "Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
> Please update your PHP installation to use ownCloud securely."
>
> given that the bug is from 2010 and i have an updated system, is the
> warning valid?
>
> Thanks!
> Adrian
>
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
> !DSPAM:52497c0f128225655088695!
>


-- 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Erwin Rennert, IT Services
Center for Social Innovation

A-1150 Wien, Linke Wienzeile 246
Austria, Europe

Phone: ++43-1-495 04 42 - 61
Facsimile: ++43-1-495 04 42 - 40
http://www.zsi.at/




More information about the Owncloud mailing list