FW: HEADS UP: Security Alert For Apache / PHP Webservers
From: Van Beerschoten, Stephan (stephan.vanbeerschoten@eds.com)
Date: 02/27/02
- Next message: Laurence Brockman: "Re: HEADS UP: Security Alert For Apache / PHP Webservers"
- Previous message: Barkell, Bill: "RE: best firewall option for FreeBSD"
- Next in thread: Laurence Brockman: "Re: HEADS UP: Security Alert For Apache / PHP Webservers"
- Reply: Laurence Brockman: "Re: HEADS UP: Security Alert For Apache / PHP Webservers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Van Beerschoten, Stephan" <stephan.vanbeerschoten@eds.com> To: "'security@freebsd.org'" <security@freebsd.org>, "'isp@freebsd.org'" <isp@freebsd.org>, "'ports@freebsd.org'" <ports@freebsd.org> Date: Wed, 27 Feb 2002 14:14:24 -0000
I usually don't mail from my corporate account, but this needs some fast
fixing on almost all FreeBSD/apache/php servers.
-Stephan
> -----Original Message-----
> From: Bandell, Yaron
> Sent: woensdag 27 februari 2002 15:12
> To: Van Beerschoten, Stephan
> Subject: FW: HEADS UP: Security Alert For Apache / PHP Webservers
>
>
> Damn, dit keer geen IIS buffer overflow exploit :(
>
> -----Original Message-----
> From: Boyce, Nick
> Sent: woensdag 27 februari 2002 14:40
> To: EMEA WebMaster
> Subject: HEADS UP: Security Alert For Apache / PHP Webservers
>
> Security Alert - Apache/PHP - Release Date 27.Feb.2002 - Severe
>
> A security alert has been released relating to a remotely exploitable
> security hole in PHP, and information is cirulating on public mailing
> lists about methods & tools for exploiting the hole. The problem is not
> in Apache itself, but in the optional PHP scripting module. This module
> is widely used by Apache sites (it's the equivalent of IIS/ASP for Apache
> sites), but is not always installed.
>
> The hole (holes actually - there are multiple problems) is/are serious and
> allow(s) remote compromise (of the user running the webserver - maybe of
> root - it's not imediately clear to me). A fixed version of PHP has been
> produced and is available from http://www.php.net.
>
> Full details are at http://security.e-matters.de/advisories/012002.html,
> but here's an extract :
>
> Overview
>
> We found several flaws in the way PHP handles multipart/form-data
> POST requests. Each of the flaws could allow an attacker to execute
> arbitrary code on the victim's system.
>
>
> Details
>
> PHP supports multipart/form-data POST requests (as described in
> RFC1867) known as POST fileuploads. Unfourtunately there are several flaws
> in the php_mime_split function that could be used by an attacker to
> execute arbitrary code. During our research we found out that not only
> PHP4 but also older versions from the PHP3 tree are vulnerable.
> [snip]
> Finally I want to mention that most of these vulnerabilities are
> exploitable only on linux or solaris. But the heap off by one is only
> exploitable on x86 architecture and the arbitrary heap overflow in PHP3 is
> exploitable on most OS and architectures. (This includes *BSD)
>
>
> Nick
> EDS Southwest Solution Centre, Bristol, UK
> Internet email: nick.boyce@eds.com | tel: +44 117 989 2941
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Laurence Brockman: "Re: HEADS UP: Security Alert For Apache / PHP Webservers"
- Previous message: Barkell, Bill: "RE: best firewall option for FreeBSD"
- Next in thread: Laurence Brockman: "Re: HEADS UP: Security Alert For Apache / PHP Webservers"
- Reply: Laurence Brockman: "Re: HEADS UP: Security Alert For Apache / PHP Webservers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
