[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VHCS <= (vhcs2_daemon) Remote Root Exploit


In case you didn't have this patch. Patch  login.php as soon 
as possible (old bug).


For the new bug this is a quick solution

* to modify the php.ini and to disable shell and execute functions

disable_functions = system,system_exec,passthru,shell,shell_exec,exec

* to not permit LOAD INLINE from mysql.  We can disable this feature with 
the following  line to the my.cnf in the section [mysqld]