Bugtraq mailing list archives

Re: PHP Resource Exhaustion Denial of Service

From: vjt <vejeta () azzurra org>
Date: Tue, 23 Jul 2002 22:22:22 +0200

On Sat, Jul 20, 2002 at 08:45:17PM -0500, Matthew Murphy wrote:

The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on
configuration) that implements an HTML-embedded script language.  A
vulnerability in PHP can be used to cause a denial of service in some cases.

[cut]

Exploit: http://www.murphy.101main.net/php-apache.c


this does not apply when the php interpreter is dynamically loaded by
apache using the DSO interface (or whatever dynamic loading interface
of whatever web server). and afaik this is a more common approach when
dealing with unix web servers.

best regards,
    vjt

-- 
pub  1024D/5201DC33 2002-01-24 vjt <vjt () users sf net>
Key fingerprint = C80A DC06 E81C 4613 236B  833F C2C6 009F 5201 DC33
http://bahamut-inet6.sourceforge.net/vjt.asc

Attachment: _bin
Description:

Current thread:

PHP Resource Exhaustion Denial of Service Matthew Murphy (Jul 22)
- RE: PHP Resource Exhaustion Denial of Service Russ Garrett (Jul 22)
- Re: PHP Resource Exhaustion Denial of Service vjt (Jul 23)