Hello...

There is an announcement and patches available at php's web site:
http://www.php.net/
http://security.e-matters.de/advisories/012002.html

The bug report is here:
http://bugs.php.net/bug.php?id=15736
It recommends turning off file uploads as a workaround.

H D Moore wrote:

> On Saturday 23 February 2002 06:12 pm, Pedro Hugo wrote:
>
>>There are rumours about an exploit for apache 1.3.22 at least...
>>Don't have yet details on it...
>>Anyone else heard about it ?
>>
>
> Disclaimer: I have no exploits, don't ask for any. If you really want
> details, do a source diff on php 4.0.6 and 4.1.x for rfc1687.c.
>
> There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a
> working exploit floating around which provides a remote bindshell for PHP
> versions 4.0.1 to 4.0.6 with a handful of default offsets for different
> platforms. Since the PHP developers committed another change to the affected
> source file (rfc1687.c) about two days ago, speculation is that there is yet
> another remote exploit. There are tools floating around which demonstrate
> numerous SEGV's in the PHP module, not only in the mime decoder...
>
> Exploits have been floating around for at least 2 months, you would think
> someone would step up and shed some light on this to the general public by
> now. The sad thing is that certain folks in the "security industry" have
> known about this for almost as long as there have been exploits, yet nothing
> was ever made public.
>

--
Christopher McCrory
"The guy that keeps the servers running"
chrismccat_private
http://www.pricegrabber.com

Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.'
And even if there were, waxed paper is no defense. I tried it. Only
tinfoil works.
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 19:20:53 PST