I was also under the impression that the overflows in PHP's mime handling had been fixed in 4.1.2, but I've just tested the exploit and it does indeed cause PHP 4.1.2 to segfault. Egads.

I tested on Apache 1.3.6/PHP 4.1.2 (as Apache module) running under Linux 2.2.16

Matthew

At 06:26 PM 5/13/02 +0200, you wrote:
>I've posted this before but it was not processed.
>
>---
>
>I stumbled on some exploit code from TESO that is available at
>packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The
>code exists as a binary that is supposed to exploit
>mod_php 4.0.x and crash at least 4.1.2
>
>I am curious what hole is being exploited. I can't remember a buffer
>overflow vulnerability being reported for mod_php 4.1.2
>Anyone with ideas?
>
>TIA
>Bone Machine

E-business Coach, Inc.
Call (1) 877-816-8161 or http://www.e-businesscoach.com/
[Web site software and solutions to advance your market strategy.]

This archive was generated by hypermail 2b30 : Mon May 13 2002 - 15:17:51 PDT