php update (was Re: Rumours about Apache 1.3.22 exploits)
From: Christopher McCrory (chrismcc@pricegrabber.com)
Date: 02/27/02
Date: Wed, 27 Feb 2002 09:43:01 -0800
From: Christopher McCrory <chrismcc@pricegrabber.com>
To: vuln-dev@securityfocus.com
Hello...
There is an announcement and patches available at php's web site:
http://www.php.net/
http://security.e-matters.de/advisories/012002.html
The bug report is here:
http://bugs.php.net/bug.php?id=15736
It recommends turning off file uploads as a workaround.
H D Moore wrote:
> On Saturday 23 February 2002 06:12 pm, Pedro Hugo wrote:
>
>>There are rumours about an exploit for apache 1.3.22 at least...
>>Don't have yet details on it...
>>Anyone else heard about it ?
>>
>
> Disclaimer: I have no exploits, don't ask for any. If you really want
> details, do a source diff on php 4.0.6 and 4.1.x for rfc1687.c.
>
> There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a
> working exploit floating around which provides a remote bindshell for PHP
> versions 4.0.1 to 4.0.6 with a handful of default offsets for different
> platforms. Since the PHP developers committed another change to the affected
> source file (rfc1687.c) about two days ago, speculation is that there is yet
> another remote exploit. There are tools floating around which demonstrate
> numerous SEGV's in the PHP module, not only in the mime decoder...
>
> Exploits have been floating around for at least 2 months, you would think
> someone would step up and shed some light on this to the general public by
> now. The sad thing is that certain folks in the "security industry" have
> known about this for almost as long as there have been exploits, yet nothing
> was ever made public.
>
--
Christopher McCrory
"The guy that keeps the servers running"
chrismcc@pricegrabber.com
http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works.
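
Added example, not part of the original message or of PHP's own code: a Python check that reads php.ini text and reports whether the file-upload workaround mentioned above is actually in effect. The sample ini text is constructed and the function names are hypothetical; it assumes PHP's usual rules that a later assignment overrides an earlier one and that file_uploads defaults to On when unset.

```python
import re

# Constructed sample php.ini, for illustration only.
SAMPLE_INI = """\
; constructed sample
[PHP]
engine = On
;file_uploads = Off
file_uploads = On
upload_tmp_dir = /tmp
"""

_TRUE_WORDS = {"on", "yes", "true"}
_DIRECTIVE = re.compile(r"^\s*file_uploads\s*=\s*(.*)$", re.IGNORECASE)


def ini_bool(value):
    """Interpret a php.ini value as a boolean: on/yes/true or a non-zero integer."""
    v = value.strip().strip("\"'").lower()
    if v in _TRUE_WORDS:
        return True
    m = re.match(r"[+-]?\d+", v)
    return bool(m) and int(m.group()) != 0


def file_uploads_enabled(ini_text):
    """Return (enabled, line_no); line_no is None when the default applies."""
    enabled, where = True, None  # assumed default: file_uploads = On
    for n, line in enumerate(ini_text.splitlines(), 1):
        line = line.split(";", 1)[0]  # drop ';' comments, including commented-out settings
        m = _DIRECTIVE.match(line)
        if m:
            enabled, where = ini_bool(m.group(1)), n  # last assignment wins
    return enabled, where


if __name__ == "__main__":
    enabled, where = file_uploads_enabled(SAMPLE_INI)
    state = "ENABLED (workaround not applied)" if enabled else "disabled"
    origin = f"line {where}" if where else "default, directive not set"
    print(f"file_uploads is {state} [{origin}]")
```

A commented-out `;file_uploads = Off` line does not apply the workaround, which is the case the sample exercises.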