Full Disclosure mailing list archives

Critical PHP bug - act ASAP if you are running web with sensitive data


From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 29 Mar 2006 10:08:32 +0300



----------  Forwarded Message  ----------

Subject: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running 
web with sensitive data
Date: Wednesday 29 March 2006 10:06
From: Tõnu Samuel <tonu () jes ee>
To: Jasper Bryant-Greene <jasper () album co nz>

On Wednesday 29 March 2006 08:54, you wrote:
> Sure, this is still a fairly serious bug. (As an aside, if you have
> sensitive data, you really shouldn't allow users to upload new scripts,
> or be running in a shared hosting env.)

There is one vector most people do not seem to know. You can telnet to port
80 and say

GET <?php .....

write the full script there and include the web server log file later. Who knows what
else blackhats can do. Every single hole must be closed.

> I can't speak for other distros, but there's a bug in Gentoo Bugzilla
> for this: http://bugs.gentoo.org/127939

Thank you! I think this problem must be fixed in every PHP version, not only
5.1 series. They knew about it but never told. That's bad.

   Tõnu

-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
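
A defender-side check for the vector described in the message above, added here as an example and not part of the original post: it scans access log lines for a literal PHP open tag, since that is the text an include of the log file would execute. The log lines are constructed samples in Apache common log format, and `find_php_in_log` is a hypothetical helper name.

```python
import re

# Apache common/combined log prefix: host ident user [time] "request" status
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*?)" (?P<status>\d{3}) '
)
# "<?" alone is flagged because short_open_tag may be enabled on the server.
PHP_OPEN_TAG = "<?"

# Constructed sample input (documentation addresses, placeholder script body).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2006:10:01:12 +0300] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Mar/2006:10:02:40 +0300] "GET <?php ..... ?>" 400 226',
    '192.0.2.10 - - [29/Mar/2006:10:03:05 +0300] "GET /s.php?q=a%3C%3Fb HTTP/1.1" 200 812',
    'truncated entry <? with no log structure',
]


def find_php_in_log(lines):
    """Return one record per log line that contains a literal PHP open tag."""
    hits = []
    for lineno, raw in enumerate(lines, start=1):
        pos = raw.find(PHP_OPEN_TAG)
        if pos == -1:
            continue  # percent-encoded "%3C%3F" is not a tag and is not flagged
        m = LOG_RE.match(raw)  # attribute the entry when the line still parses
        hits.append({
            "lineno": lineno,
            "host": m.group("host") if m else None,
            "time": m.group("time") if m else None,
            "status": int(m.group("status")) if m else None,
            "snippet": raw[pos:pos + 40],
        })
    return hits


if __name__ == "__main__":
    for hit in find_php_in_log(SAMPLE_LOG):
        print(hit)
```

Any hit means the log file now contains text PHP would run if a script included it, so the file should be treated as tainted and the include paths in the application reviewed.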

