mailing list archives
Fw: php-exec-dir vulnerable?
From: "VeNoMouS" <venom () gen-x co nz>
Date: Thu, 8 Jul 2004 10:59:38 +1200
Php-exec-dir been fixed for those who care.
http://kyberdigi.cz/projects/execdir/english.html for those who need english
VeNoMouS reported that you can execute commands out of specified directories
if you prepend a ';' character to the beginning of the command and try to
execute it with the backtick operator. In original safe_mode_exec_dir the
backtick operator is turned off, in this patch it is not. Therefore, all the
patches listed here were updated with a simple fix that ignores commands to
be run through the backtick operator contaning this dangerous character. A
warning will be printed to standard output and command will not be run. You
are strongly encouraged to download new patch for your version of PHP. The
patches listed in section download are correct ones, so check the MD5 of the
patch you have to those in the list. All version from 4.3.2 to 4.3.7
(inclusive) were vulnerable.
----- Original Message -----
From: "C. McCohy" <mccohy () kyberdigi cz>
To: "VeNoMouS" <venom () gen-x co nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?
Ok I fixed all patches to all previous and current versions of the patch,
description can be found on the project homepage
Please inform all internet groups you have informed about the bug before.
Baj ... C. McCohy
While you are reading this text, an essential hacking tool
is being silently installed on your computer.
Full-Disclosure - We believe in it.
- Fw: php-exec-dir vulnerable? VeNoMouS (Jul 07)