[Full-Disclosure] Fw: php-exec-dir vulnerable?

From: VeNoMouS (venom_at_gen-x.co.nz)
Date: 07/08/04

Next message: Eric Paynter: "Re: [Full-Disclosure] shell:windows command question"

Previous message: duke_skillz_at_sapo.pt: "[Full-Disclosure] Re: backdoor menu on conexant chipset dsl router (Zoom X3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Thu, 8 Jul 2004 10:59:38 +1200

Php-exec-dir been fixed for those who care.

http://kyberdigi.cz/projects/execdir/english.html for those who need english
heh

Bugs
VeNoMouS reported that you can execute commands out of specified directories
if you prepend a ';' character to the beginning of the command and try to
execute it with the backtick operator. In original safe_mode_exec_dir the
backtick operator is turned off, in this patch it is not. Therefore, all the
patches listed here were updated with a simple fix that ignores commands to
be run through the backtick operator contaning this dangerous character. A
warning will be printed to standard output and command will not be run. You
are strongly encouraged to download new patch for your version of PHP. The
patches listed in section download are correct ones, so check the MD5 of the
patch you have to those in the list. All version from 4.3.2 to 4.3.7
(inclusive) were vulnerable.

----- Original Message -----
From: "C. McCohy" <mccohy@kyberdigi.cz>
To: "VeNoMouS" <venom@gen-x.co.nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?

> Ok I fixed all patches to all previous and current versions of the patch,
> description can be found on the project homepage
> http://kyberdigi.cz/projects/execdir/
>
> Please inform all internet groups you have informed about the bug before.
>
> --
> Baj ... C. McCohy
>
> While you are reading this text, an essential hacking tool
> is being silently installed on your computer.
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Eric Paynter: "Re: [Full-Disclosure] shell:windows command question"

Previous message: duke_skillz_at_sapo.pt: "[Full-Disclosure] Re: backdoor menu on conexant chipset dsl router (Zoom X3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Overview Of New Intel Core i7(Nehalem) Processor
... has to create funny RS232 commands to have it do anything? ... Zero bugs in the code. ... One joy of being an electronics designer is that you don't have to get ... On the other side of the spectrum there are more good, say successful, hardware project, AND software projects. ...
(sci.electronics.design)
Re: Chronic database connection failure
... execute commands on the same session, but we never had this problem ... Is there something different about IIS 6.0 that is ... Do you use explicit Connection objects? ... using that object to open recordsets and run commands. ...
(microsoft.public.inetserver.asp.db)
Re: Net::SSH problems
... directory besides my '/home' directory and then execute commands from ... its part of a bigger app - it does the 'cd', 'chmod' and runs the ...
(comp.lang.ruby)
Re: [opensuse] BUGs in 10.3: swap not possible on /dev/md0, etc
... Konq gave me a mostly-blank page when I tried. ... These all sound like important bugs, so use bugzilla.novell.com to report them ... To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx ... For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx ...
(SuSE)
Re: SEND COMMANDS VIA FTP ?
... Some allow a remote user to execute commands ... And it may depend on the server program. ... How d'ya reckon those FTP hacks get in? ...
(microsoft.public.windows.server.sbs)