[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Red Hat 7.x PHP confusion

From: Ville Herva <vherva viasys com>
To: Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Subject: Re: Red Hat 7.x PHP confusion
Date: Thu, 18 Mar 2004 14:24:40 +0200

On Thu, Mar 18, 2004 at 10:21:12AM +0200, you [Ville Herva] wrote:
>
> > Your research seems good enough to convince me.
> 
> But I found nothing explicit to suggest php-4.1.2-7.x.6 is vulnerable...

Well, getting my off lazy ass...

I ran the bugtraq proof-of-concept-exploits
(http://www.securityfocus.com/bid/{7187,7197,7198,7199,7210}/exploit/) for a
box that runs php-4.1.2-7.x.6. Here are the results:

 7210: does nothing
 7199: no proof-of-concept exploit
 7198: crashes httpd ("[notice] child pid 23937 exit signal Segmentation fault (11)")
 7197: does nothing ("Warning: socket_recv() expects exactly 2 parameters, 4 given in /data/www/intra/cgi-bin/uggabugga/exploit7197.php on line 3")
 7187: crahes httpd ("[notice] child pid 10276 exit signal Segmentation fault (11)")

So it is vulnerable, and likely exploitable, too.

As these are local privilege escalations only, I'm not overly worried.

-- v -- 

v iki fi

References:
- Security GPG Key question
  - From: ral77
- Red Hat 7.x PHP confusion
  - From: Ville Herva
- Re: Red Hat 7.x PHP confusion
  - From: Chris Spencer
- Re: Red Hat 7.x PHP confusion
  - From: Ville Herva

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]