Message-ID: <3D3C65C3.7080001@bokeoa.com>
From: core at bokeoa.com (Charles 'core' Stevenson)
Subject: PHP Exploit
Where's the exploit?
;)
peace,
core
Paul Tinsley wrote:
> Sorry if this was already posted, but this is a serious vulnerability given
> the widespread use of PHP, and the plenty of people that have it on by
> default that don't actually use it.
>
> For those that are familiar with http://www.apachetoolbox.com, a build tool
> for Apache, it was patched at 8:46 this morning:
>
> v1.5.59 07/22/02
> PDFLib patch sent in by Dominique Massonie. Updated PHP
> to v4.2.2.
>
> Vulnerability Text from PHP site:
>
> http://www.php.net/release_4_2_2.php
>
> Issued on: July 22, 2002
> Software: PHP versions 4.2.0 and 4.2.1
> Platforms: All
>
>
> The PHP Group has learned of a serious security vulnerability in PHP
> versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code
> with the privileges of the web server. This vulnerability may be exploited
> to compromise the web server and, under certain conditions, to gain
> privileged access.
>
> Description
> PHP contains code for intelligently parsing the headers of HTTP POST
> requests. The code is used to differentiate between variables and files sent
> by the user agent in a "multipart/form-data" request. This parser has
> insufficient input checking, leading to the vulnerability.
>
> The vulnerability is exploitable by anyone who can send HTTP POST requests
> to an affected web server. Both local and remote users, even from behind
> firewalls, may be able to gain privileged access.
>
> Impact
> Both local and remote users may exploit this vulnerability to compromise the
> web server and, under certain conditions, to gain privileged access. So far
> only the IA32 platform has been verified to be safe from the execution of
> arbitrary code. The vulnerability can still be used on IA32 to crash PHP
> and, in most cases, the web server.
>
> Solution
> The PHP Group has released a new PHP version, 4.2.2, which incorporates a
> fix for the vulnerability. All users of affected PHP versions are encouraged
> to upgrade to this latest version. The downloads web site at
>
> http://www.php.net/downloads.php
> has the new 4.2.2 source tarballs, Windows binaries and source patches from
> 4.2.0 and 4.2.1 available for download.
>
> Workaround
> If the PHP applications on an affected web server do not rely on HTTP POST
> input from user agents, it is often possible to deny POST requests on the
> web server.
>
> In the Apache web server, for example, this is possible with the following
> code included in the main configuration file or a top-level .htaccess file:
>
> <Limit POST>
> Order deny,allow
> Deny from all
> </Limit>
>
> Note that an existing configuration and/or .htaccess file may have
> parameters contradicting the example given above.
>
> Credits
> The PHP Group would like to thank Stefan Esser of e-matters GmbH for
> discovering this vulnerability. e-matters GmbH has also released an
> independent advisory, describing the vulnerability in more detail.
>
> --
> Paul Tinsley
> paul.tinsley@...ve.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Full-Disclosure@...ts.netsys.com
> http://lists.netsys.com/mailman/listinfo/full-disclosure
>
>
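
Added example (not part of either message or of the PHP advisory): a Python check that a configuration or .htaccess file actually contains the quoted `<Limit POST>` workaround, and that no `Allow from` line in the same block contradicts it, as the advisory's note warns. The function name and the second sample are constructed; only the `Order`/`Deny`/`Allow` directives shown in the advisory are modelled, for one file at a time.

```python
import re

# Matches <Limit METHODS> ... </Limit>; <LimitExcept> is not modelled here.
LIMIT_RE = re.compile(r"<Limit\s+([^>]*)>(.*?)</Limit>", re.I | re.S)

def audit_post_limit(conf_text):
    """Return (status, detail) findings for <Limit> blocks that cover POST."""
    # Drop comment lines so a commented-out workaround is not counted.
    text = "\n".join(l for l in conf_text.splitlines()
                     if not l.lstrip().startswith("#"))
    findings = []
    for methods, body in LIMIT_RE.findall(text):
        if "POST" not in methods.split():   # method names are case-sensitive
            continue
        lines = [" ".join(l.split()).lower() for l in body.splitlines() if l.strip()]
        order = "deny,allow"                # Apache default when Order is omitted
        for l in lines:
            if l.startswith("order "):
                order = l[6:].replace(" ", "")
        allows = [l for l in lines if l.startswith("allow from ")]
        if "deny from all" not in lines:
            findings.append(("WEAK", "no 'Deny from all' in block"))
        elif order == "deny,allow" and allows:
            # With Order deny,allow, Allow is evaluated last and wins.
            findings.append(("WEAK", "Allow overrides Deny: " + "; ".join(allows)))
        else:
            findings.append(("OK", "POST denied for all clients"))
    return findings or [("MISSING", "no <Limit> block covers POST")]

# The workaround exactly as quoted in the advisory.
ADVISORY_BLOCK = """<Limit POST>
Order deny,allow
Deny from all
</Limit>"""

# Constructed sample: an existing Allow line contradicts the workaround.
CONTRADICTED = """<Limit GET POST>
Order deny,allow
Deny from all
Allow from 192.0.2.0/24
</Limit>"""

if __name__ == "__main__":
    for name, conf in (("advisory", ADVISORY_BLOCK), ("contradicted", CONTRADICTED)):
        print(name, audit_post_limit(conf))
```

A `MISSING` or `WEAK` result means POST requests can still reach PHP through that file's settings, so the upgrade to 4.2.2 remains the fix.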