Full Disclosure mailing list archives
Critical PHP bug - act ASAP if you are running web with sensitive data
From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 29 Mar 2006 10:08:32 +0300
---------- Forwarded Message ---------- Subject: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Date: Wednesday 29 March 2006 10:06 From: Tõnu Samuel <tonu () jes ee> To: Jasper Bryant-Greene <jasper () album co nz> On Wednesday 29 March 2006 08:54, you wrote:
Sure, this is still a fairly serious bug. (As an aside, if you have sensitive data, you really shouldn't allow users to upload new scripts, or be running in a shared hosting env.)
There is a one vector most people do not seem to know. You can telnet to port 80 and say GET <?php ..... write full script there and include web server log file later. Who knows what else blackhats can do. Every single hole must be closed.
I can't speak for other distros, but there's a bug in Gentoo Bugzilla for this: http://bugs.gentoo.org/127939
Thank you! I think this problem must be fixed in every PHP version, not only 5.1 series. They knew about it but never told. That's bad. Tõnu ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data nocfed (Mar 29)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data Valdis . Kletnieks (Mar 29)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data nocfed (Mar 29)