Vulnerability Development: Re: Vulnerability in PHP ?!?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Vulnerability in PHP ?!?

From: Andreas Hasenack <andreas () conectiva com br>
Date: Mon, 13 May 2002 17:11:06 -0300

Check out http://bugs.php.net/bug.php?id=15772

The security fix introduced this crash problem into 4.1.2, maybe
that's what you are seeing/hearing.

BTW, beware, a packetstorm mirror had a trojaned
exploit:

http://packetstormsecurity.nl/73501867.html

Em Mon, May 13, 2002 at 06:26:19PM +0200, BoneMachine escreveu:

I've posted this before but it was not processed.

--- 

I stumbled on some exploit code from TESO that is available at
packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The
code exists as a binary that is supposed to exploit
mod_php 4.0.x and crash at least 4.1.2

I am curious what hole is being exploited. I can't remember a buffer
overflow vulnerability being reported for mod_php 4.1.2
Anyone with ideas ?

TIA
Bone Machine

By Date By Thread

Current thread:

Vulnerability in PHP ?!? BoneMachine (May 13)
- Re: Vulnerability in PHP ?!? Andreas Hasenack (May 13)
  - Re: Vulnerability in PHP ?!? John (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- <Possible follow-ups>
- Re: Vulnerability in PHP ?!? lion (May 13)