Re: PHP Resource Exhaustion Denial of Service

From: vjt (vejetaat_private)
Date: Tue Jul 23 2002 - 13:22:22 PDT

Next message: stealth: "Re: SSH Protocol Trick"

Previous message: stealth: "Re: SSH Protocol Trick"
In reply to: Matthew Murphy: "[Full-Disclosure] PHP Resource Exhaustion Denial of Service"
Next in thread: Matthew Murphy: "[Full-Disclosure] PHP Resource Exhaustion Denial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 20, 2002 at 08:45:17PM -0500, Matthew Murphy wrote:
> The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on
> configuration) that implements an HTML-embedded script language.  A
> vulnerability in PHP can be used to cause a denial of service in some cases.
[cut]
> Exploit: http://www.murphy.101main.net/php-apache.c
> 

this does not apply when the php interpreter is dynamically loaded by
apache using the DSO interface (or whatever dynamic loading interface
of whatever web server). and afaik this is a more common approach when
dealing with unix web servers.

best regards,
    vjt

-- 
pub  1024D/5201DC33 2002-01-24 vjt <vjtat_private>
Key fingerprint = C80A DC06 E81C 4613 236B  833F C2C6 009F 5201 DC33
http://bahamut-inet6.sourceforge.net/vjt.asc

application/pgp-signature attachment: stored

Next message: stealth: "Re: SSH Protocol Trick"
Previous message: stealth: "Re: SSH Protocol Trick"
In reply to: Matthew Murphy: "[Full-Disclosure] PHP Resource Exhaustion Denial of Service"
Next in thread: Matthew Murphy: "[Full-Disclosure] PHP Resource Exhaustion Denial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 14:55:49 PDT