| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: venom at gen-x.co.nz (VeNoMouS) Subject: Fw: php-exec-dir vulnerable? Php-exec-dir been fixed for those who care. http://kyberdigi.cz/projects/execdir/english.html for those who need english heh Bugs VeNoMouS reported that you can execute commands out of specified directories if you prepend a ';' character to the beginning of the command and try to execute it with the backtick operator. In original safe_mode_exec_dir the backtick operator is turned off, in this patch it is not. Therefore, all the patches listed here were updated with a simple fix that ignores commands to be run through the backtick operator contaning this dangerous character. A warning will be printed to standard output and command will not be run. You are strongly encouraged to download new patch for your version of PHP. The patches listed in section download are correct ones, so check the MD5 of the patch you have to those in the list. All version from 4.3.2 to 4.3.7 (inclusive) were vulnerable. ----- Original Message ----- From: "C. McCohy" <mccohy@...erdigi.cz> To: "VeNoMouS" <venom@...-x.co.nz> Sent: Wednesday, July 07, 2004 9:43 PM Subject: Re: php-exec-dir vulnerable? > Ok I fixed all patches to all previous and current versions of the patch, > description can be found on the project homepage > http://kyberdigi.cz/projects/execdir/ > > Please inform all internet groups you have informed about the bug before. > > -- > Baj ... C. McCohy > > While you are reading this text, an essential hacking tool > is being silently installed on your computer. > > >
Powered by blists - more mailing lists