Vulnerability Development mailing list archives
Re: Vulnerability in PHP ?!?
From: Matthew Kauffman <matthew () e-businesscoach com>
Date: Mon, 13 May 2002 14:45:56 -0600
I was also under the impression that the overflows in PHP's mime handling had been fixed in 4.1.2, but i've just tested the exploit and it does indeed cause PHP 4.1.2 to segfault. Egads.
I tested on apache 1.3.6/PHP 4.1.2 (as apache module) running under linux 2.2.16
Matthew At 06:26 PM 5/13/02 +0200, you wrote:
I've posted this before but it was not processed. --- I stumbled on some exploit code from TESO that is available at packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The code exists as a binary that is supposed to exploit mod_php 4.0.x and crash at least 4.1.2 I am curious what hole is being exploited. I can't remember a buffer overflow vulnerability being reported for mod_php 4.1.2 Anyone with ideas ? TIA Bone Machine
E-business Coach, Inc. Call (1) 877-816-8161 or http://www.e-businesscoach.com/ [Web site software and solutions to advance your market strategy.]
Current thread:
- Vulnerability in PHP ?!? BoneMachine (May 13)
- Re: Vulnerability in PHP ?!? Andreas Hasenack (May 13)
- Re: Vulnerability in PHP ?!? John (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- <Possible follow-ups>
- Re: Vulnerability in PHP ?!? lion (May 13)
- Re: Vulnerability in PHP ?!? Andreas Hasenack (May 13)