Security Incidents mailing list archives

Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7)

From: Dmitry Alyabyev <dimitry () al org ua>
Date: Mon, 12 Jul 2004 17:33:56 +0300

On Saturday 10 July 2004 04:40, Tim Greer wrote:

[skip]

Sounds like one of the many PHP scripts is exploitable.  You could run
PHP as CGI w/ the suexec wrapper (and even tweak the source or use an
existing patch so PHP scripts don't need to be modified at all (other
than the ownership of some files/dirs PHP scripts need to use/write to).


not really - you will lose authentication within PHP scripts in meaning of 
receiving password via environment and some add-ons like Zend optimizer will 
stop working

-- 
Dimitry

Current thread:

Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) nathan c. dickerson (Jul 09)
- Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) Tim Greer (Jul 12)
  - Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) Dmitry Alyabyev (Jul 12)
    - Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) Tim Greer (Jul 13)
    - Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) nathan c. dickerson (Jul 14)
    - Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) nathan c. dickerson (Jul 14)
- Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) Frank Knobbe (Jul 12)
  - Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) nathan c. dickerson (Jul 13)
    - Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) Frank Knobbe (Jul 14)
- RE: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7) Bojan Zdrnja (Jul 12)