I use LAMP to develop a project among several people. The virtual machine would be available through the Internet. I used "Shadow Security Scanner" to check the security, and it has reported some vulnerabilities.

Is it safe to use LAMP? Or is it better to mount a virtual machine from scratch, installing the latest versions of Apache, MySQL, etc.?

But I would imagine you'd find a similar result from an Ubuntu 8.04 LTS server. Perhaps it may be even worse? The only way to check would be to build one yourself. If you use the latest version of Ubuntu (9.10) it may fare better?

The other thing to consider is how it creates its list of vulnerabilities. I am unfamiliar with that software, but if it is merely discovering the version number and then cross-referencing against a list of vulnerabilities that relate to that version number, then it is not accurate. Canonical (the Ubuntu owners/sponsors) generally patch security vulnerabilities in the included version (thus patching the vulnerability without updating the actual version number).


Most of the vulnerabilities come from PHP. These programs (Shadow Security Scanner and others) use the version of the installed software and look it up in a database.

I think that by upgrading Apache and its modules, the number of vulnerabilities should be reduced.
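
The version-matching problem raised in the replies above can be checked against the installed package's own changelog, where Debian and Ubuntu security updates typically record the CVE ids they fix. This is an added example, not part of the original thread; the package name, revisions, CVE ids and scanner findings are constructed placeholders.

```python
import re

# Constructed sample in Debian changelog format (newest entry first), standing
# in for: zcat /usr/share/doc/<package>/changelog.Debian.gz
# Package name, revisions and CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG = """\
examplepkg (1.0-1example3) stable-security; urgency=low

  * SECURITY UPDATE: constructed entry
    - debian/patches/fix-b.patch: backported upstream fix
    - CVE-0000-0002

 -- Example Maintainer <maint@example.invalid>  Mon, 04 Jan 2010 10:00:00 +0000

examplepkg (1.0-1example2) stable-security; urgency=low

  * SECURITY UPDATE: constructed entry
    - CVE-0000-0001

 -- Example Maintainer <maint@example.invalid>  Tue, 01 Dec 2009 10:00:00 +0000
"""

# Constructed scanner output: every CVE a version-only lookup lists for "1.0".
SCANNER_FINDINGS = ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"]

HEADER = re.compile(r"^(\S+) \(([^)]+)\) ")   # "package (revision) suite; ..."
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def backported_fixes(changelog):
    """Map each CVE id to the earliest package revision whose entry names it."""
    fixes, revision = {}, None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            revision = m.group(2)
            continue
        for cve in CVE.findall(line):
            if revision:
                fixes[cve] = revision   # newest-first file: older entry wins
    return fixes

def triage(findings, changelog):
    """Separate findings the distro already patched from ones to review by hand."""
    fixes = backported_fixes(changelog)
    return {c: "patched in " + fixes[c] if c in fixes else "needs review"
            for c in findings}

if __name__ == "__main__":
    for cve, status in triage(SCANNER_FINDINGS, SAMPLE_CHANGELOG).items():
        print(cve, status)
```

A finding marked "needs review" is not confirmed vulnerable; it only means the installed package's changelog does not name that CVE, so the distribution's security notices should be checked for it.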


