Re: Rumours about Apache 1.3.22 exploits

From: H D Moore (hdmat_private)
Date: Mon Feb 25 2002 - 05:32:15 PST


    On Saturday 23 February 2002 06:12 pm, Pedro Hugo wrote:
    > There are rumours about an exploit for apache 1.3.22 at least...
    > Don't have yet details on it...
    > Anyone else heard about it ?
    
    Disclaimer:  I have no exploits, don't ask for any. If you really want 
    details, do a source diff on php 4.0.6 and 4.1.x for rfc1687.c.
    
    There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a 
    working exploit floating around which provides a remote bindshell for PHP 
    versions 4.0.1 to 4.0.6 with a handful of default offsets for different 
    platforms. Since the PHP developers committed another change to the affected 
    source file (rfc1687.c) about two days ago, speculation is that there is yet 
    another remote exploit. There are tools floating around which demonstrate 
    numerous SEGVs in the PHP module, not only in the mime decoder...
    
    Exploits have been floating around for at least 2 months, you would think 
    someone would step up and shed some light on this to the general public by 
    now.  The sad thing is that certain folks in the "security industry" have 
    known about this for almost as long as there have been exploits, yet nothing 
    was ever made public.
    



    This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 17:28:57 PST