Vulnerability Development mailing list archives
php update (was Re: Rumours about Apache 1.3.22 exploits)
From: Christopher McCrory <chrismcc () pricegrabber com>
Date: Wed, 27 Feb 2002 09:43:01 -0800
Hello...

There is an announcement and patches available at php's web site:
http://www.php.net/
http://security.e-matters.de/advisories/012002.html

The bug report is here:
http://bugs.php.net/bug.php?id=15736
It recommends turning off file uploads as a workaround.

H D Moore wrote:
> On Saturday 23 February 2002 06:12 pm, Pedro Hugo wrote:
> > There are rumours about an exploit for apache 1.3.22 at least...
> > Don't have yet details on it...
> > Anyone else heard about it?
>
> Disclaimer: I have no exploits, don't ask for any. If you really want details, do a source diff on php 4.0.6 and 4.1.x for rfc1687.c.
>
> There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a working exploit floating around which provides a remote bindshell for PHP versions 4.0.1 to 4.0.6 with a handful of default offsets for different platforms. Since the PHP developers committed another change to the affected source file (rfc1687.c) about two days ago, speculation is that there is yet another remote exploit. There are tools floating around which demonstrate numerous SEGV's in the PHP module, not only in the mime decoder...
>
> Exploits have been floating around for at least 2 months, you would think someone would step up and shed some light on this to the general public by now. The sad thing is that certain folks in the "security industry" have known about this for almost as long as there have been exploits, yet nothing was ever made public.
--
Christopher McCrory
"The guy that keeps the servers running"
chrismcc () pricegrabber com
http://www.pricegrabber.com

Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works.