Re: Vulnerability in PHP ?!?

From: Matthew Kauffman (matthew@e-businesscoach.com)
Date: 05/13/02


Date: Mon, 13 May 2002 14:45:56 -0600
To: BoneMachine <BoneMachine@sdf.lonestar.org>
From: Matthew Kauffman <matthew@e-businesscoach.com>

I was also under the impression that the overflows in PHP's mime handling
had been fixed in 4.1.2, but I've just tested the exploit and it does
indeed cause PHP 4.1.2 to segfault. Egads.

I tested on Apache 1.3.6/PHP 4.1.2 (as Apache module) running under Linux
2.2.16.

Matthew

At 06:26 PM 5/13/02 +0200, you wrote:
>I've posted this before but it was not processed.
>
>---
>
>I stumbled on some exploit code from TESO that is available at
>packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The
>code exists as a binary that is supposed to exploit
>mod_php 4.0.x and crash at least 4.1.2
>
>I am curious what hole is being exploited. I can't remember a buffer
>overflow vulnerability being reported for mod_php 4.1.2
>Anyone with ideas ?
>
>TIA
>Bone Machine

E-business Coach, Inc.
Call (1) 877-816-8161 or http://www.e-businesscoach.com/

[Web site software and solutions to advance your market strategy.]