Re: [Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability

From: Florian Weimer (fw_at_deneb.enyo.de)
Date: 07/14/04

Next message: Maarten: "Re: [Full-Disclosure] Erasing a hard disk easily"

Previous message: Aditya, ALD [ Aditya Lalit Deshmukh ]: "Re: [Full-Disclosure] Erasing a hard disk easily"
In reply to: Stefan Esser: "[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: vulndiscuss@vulnwatch.org, full-disclosure@lists.netsys.com
Date: Wed, 14 Jul 2004 09:55:45 +0200

* Stefan Esser:

> Application: PHP <= 4.3.7
> PHP5 <= 5.0.0RC3
> Severity: A vulnerability within PHP allows remote code
> execution on PHP servers with activated memory_limit
> Risk: Critical

Uh-oh. Has anybody got a minimal patch to fix this issue (and only
this issue)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Maarten: "Re: [Full-Disclosure] Erasing a hard disk easily"

Previous message: Aditya, ALD [ Aditya Lalit Deshmukh ]: "Re: [Full-Disclosure] Erasing a hard disk easily"
In reply to: Stefan Esser: "[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
... But I'm sure there's another fix for that. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
... But I'm sure there's another fix for that. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Apache 2.2.17 exploit?
... logging in to fix the problem, I've NEVER gotten that kind of support even ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-Disclosure] Support the Sasser-author fund started
... [Full-Disclosure] Support the Sasser-author fund started ... fix a lot of those problems easily. ... I.T. people thus they are losing their big pay packet jobs and doing what ... the "back yarders" do, prices are competitive. ...
(Full-Disclosure)
RE: [Full-disclosure] [BL4CK] - BL4CK FR1D4Y 2006-07-21
... [Full-disclosure] [BL4CK] - BL4CK FR1D4Y 2006-07-21 ... Proof of Concept for the remote signal handling vulnerability ... layer and fix problems in that code. ...
(Full-Disclosure)