lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: ulfh at Update.UU.SE (Ulf H{rnhammar)
Subject: PHP Exploit

> Description
> PHP contains code for intelligently parsing the headers of HTTP POST
> requests. The code is used to differentiate between variables and files sent
> by the user agent in a "multipart/form-data" request. This parser has
> insufficient input checking, leading to the vulnerability.

Another hole in the same part of the code as last time..

> Workaround
> If the PHP applications on an affected web server do not rely on HTTP POST
> input from user agents, it is often possible to deny POST requests on the
> web server.

Seeing as the multipart/form-data MIME type is mostly used with file uploads
(forms without file uploads usually use the application/x-www-form-urlencoded
MIME type), perhaps you could protect yourself by setting file_uploads to off
in php.ini, or maybe that doesn't work for some reason.

// Ulf Harnhammar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ