[Owncloud] centos 6.4 : php CVE-2006-7243 warning

Victor Dubiniuk dubiniuk at owncloud.com
Mon Sep 30 14:08:40 UTC 2013


On 09/30/2013 05:02 PM, Erwin Rennert wrote:
> Please don't jump to conclusions.
> It might very well be that CentOS patched the "old" PHP version a long
> time ago. I doubt the ownCloud installation routine actually checks
> for the vulnerability.

Nevertheless, it does:
https://github.com/owncloud/core/blob/stable5/core/setup.php#L22

Victor

> It probably only checks for the PHP version number and certainly has 
> no knowledge of any given distribution's patch history.
>
> BTW, CVE-2006-7243 is from 2006, not 2010.
>
> Kind regards,
> E.R.
>
>
> On 09/30/2013 03:25 PM, Adrian Sevcenco wrote:
>> Hi! I just installed ownCloud on an updated CentOS 6.4 and I have
>> this warning:
>> "Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
>> Please update your PHP installation to use ownCloud securely."
>>
>> Given that the bug is from 2010 and I have an updated system, is the
>> warning valid?
>>
>> Thanks!
>> Adrian
>
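
The distinction debated in this thread (comparing the PHP version number versus testing the interpreter's actual behaviour) can be shown with a short probe. This is an added example, not ownCloud's setup.php code and not written by anyone in the thread; the function names are hypothetical, and the only outside fact assumed is that upstream PHP rejects NUL bytes in path names from 5.3.4 onward.

```php
<?php
// Added example (hypothetical helper names), not taken from ownCloud.

/**
 * Behavioural probe: does a filesystem call truncate a path at a NUL byte?
 * On an affected build, file_exists() only sees the part before "\0", which
 * names this existing script, so it returns true. A fixed build rejects the
 * path (false, null with a warning, or an exception, depending on version).
 */
function nullByteTruncates()
{
    $probe = __FILE__ . "\0probe"; // double quotes: "\0" is a real NUL byte
    try {
        return @file_exists($probe) === true;
    } catch (\Exception $e) {      // defensive: treat any rejection as "fixed"
        return false;
    } catch (\Error $e) {          // some PHP 8 builds raise ValueError here
        return false;
    }
}

/** Version-only heuristic: knows nothing about distribution backports. */
function versionLooksAffected($version = PHP_VERSION)
{
    return version_compare($version, '5.3.4', '<');
}

/** Combine both signals into the answer an installer should act on. */
function assessNullByteIssue()
{
    if (nullByteTruncates()) {
        return 'affected: paths are truncated at a NUL byte';
    }
    if (versionLooksAffected()) {
        return 'not affected: old version string, but NUL paths are rejected '
             . '(fix likely backported by the distribution)';
    }
    return 'not affected';
}

echo 'PHP ' . PHP_VERSION . ': ' . assessNullByteIssue() . PHP_EOL;
```

Run it with the same PHP binary and SAPI that serves the application, since the command-line interpreter and the web server module can be different builds.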
