On Sat, Jul 20, 2002 at 08:45:17PM -0500, Matthew Murphy wrote: > The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on > configuration) that implements an HTML-embedded script language. A > vulnerability in PHP can be used to cause a denial of service in some cases. [cut] > Exploit: http://www.murphy.101main.net/php-apache.c > this does not apply when the php interpreter is dynamically loaded by apache using the DSO interface (or whatever dynamic loading interface of whatever web server). and afaik this is a more common approach when dealing with unix web servers. best regards, vjt -- pub 1024D/5201DC33 2002-01-24 vjt <vjtat_private> Key fingerprint = C80A DC06 E81C 4613 236B 833F C2C6 009F 5201 DC33 http://bahamut-inet6.sourceforge.net/vjt.asc
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 14:55:49 PDT