Vulnerability Development mailing list archives

Re: Vulnerability in PHP ?!?

From: Matthew Kauffman <matthew () e-businesscoach com>
Date: Mon, 13 May 2002 15:43:32 -0600

Looking a little closer, it does appear this is known to the PHP team, andsupposedly this is a DoS only, without possibility of remotely executingcode in 4.1.2.


See http://bugs.php.net/bug.php?id=16067

Matthew

At 06:26 PM 5/13/02 +0200, you wrote:

I've posted this before but it was not processed.

---

I stumbled on some exploit code from TESO that is available at
packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The
code exists as a binary that is supposed to exploit
mod_php 4.0.x and crash at least 4.1.2

I am curious what hole is being exploited. I can't remember a buffer
overflow vulnerability being reported for mod_php 4.1.2
Anyone with ideas ?

TIA
Bone Machine


E-business Coach, Inc.
Call (1) 877-816-8161 or  http://www.e-businesscoach.com/

[Web site software and solutions to advance your market strategy.]

Current thread:

Vulnerability in PHP ?!? BoneMachine (May 13)
- Re: Vulnerability in PHP ?!? Andreas Hasenack (May 13)
  - Re: Vulnerability in PHP ?!? John (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- <Possible follow-ups>
- Re: Vulnerability in PHP ?!? lion (May 13)