Vulnerability Development mailing list archives
Re: Rumours about Apache 1.3.22 exploits
From: H D Moore <sflist () digitaloffense net>
Date: Tue, 26 Feb 2002 21:44:58 -0600
To clarify: AFAIK the exploit takes advantage of a buggy memchr() call in versions 4.0.6 and below. This vulnerability is exploitable remotely, no "upload" or local access is needed. I heard that the patch put into CVS a few days ago was just for RFC compliance...

On Tuesday 26 February 2002 08:07 am, Olaf Kirch wrote:

> There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a working exploit floating around which provides a remote bindshell for PHP versions 4.0.1 to 4.0.6 with a handful of default offsets for different platforms.
>
> Blechch. This code is really icky. There's really an sprintf down there in the code that looks bad (apart from a few other things that look bad). But if I don't misread the patch, the sprintf is still there in 4.1.1.
>
> Since the PHP developers committed another change to the affected source file (rfc1687.c) about two days ago, speculation is that there is yet another remote exploit.
>
> Not in the public CVS (has been removed?)
>
> Olaf