lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <000d01c232df$70d94c20$1400020a@chaser>
From: listuser at seifried.org (Kurt Seifried)
Subject: PHP Resource Exhaustion Denial of Service

Perhaps you could put this on a site that is available? I have had no luck
accessing  http://www.murphy.101main.net/php-apache.c. Alternatively if you
could email it to me I would appreciate it.

Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


----- Original Message -----
From: "Matthew Murphy" <mattmurphy@...rr.com>
To: "BugTraq" <bugtraq@...urityfocus.com>; "SecurITeam News"
<news@...uriteam.com>; "Full Disclosure" <full-disclosure@...ts.netsys.com>
Sent: Saturday, July 20, 2002 7:45 PM
Subject: [Full-Disclosure] PHP Resource Exhaustion Denial of Service


> The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on
> configuration) that implements an HTML-embedded script language.  A
> vulnerability in PHP can be used to cause a denial of service in some
cases.
>
> PHP's install process on Apache requires a "/php/" alias to be created, as
> it resolves CGI paths to a virtual.  (e.g, /php/php.exe not
C:\php\php.exe).
>
> To solve the obvious security vulnerability posed by allowing PHP to run
> from the web, the development team added a cgi.force_redirect option that
is
> enabled by default in Apache.
>
> However, regardless of the force_redirect value, it is still possible to
> load the binary without a script path:
>
> (e.g, http://localhost/php/php)
>
> A problem exists in PHP; specifically, it does not terminate when given no
> command-line arguments.  A consistent flow of requests like the above will
> exhaust all resources for CGI/ASAPI on the server.
>
> Exploit: http://www.murphy.101main.net/php-apache.c
>
> I tried to make sure this would run on Linux/BSD, but no guarantees...
> Compiles cleanly on WinMe with MSVC 6.0.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Full-Disclosure@...ts.netsys.com
> http://lists.netsys.com/mailman/listinfo/full-disclosure
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ