Fwd: Re: Rumours about Apache 1.3.22 exploits
FYI

The exploit might just be a twisted story. It could be that they mean the
story below, which is an exploit in PHP, not in apache itself.

regards
---------- Forwarded Message ----------

Subject: Re: Rumours about Apache 1.3.22 exploits
Date: Mon, 25 Feb 2002 07:32:15 -0600
From: H D Moore <hdm@digitaloffense.net>
To: <fractalg@highspeedweb.net>, <vuln-dev@securityfocus.com>

On Saturday 23 February 2002 06:12 pm, Pedro Hugo wrote:
> There are rumours about an exploit for apache 1.3.22 at least...
> Don't have yet details on it...
> Anyone else heard about it ?

Disclaimer: I have no exploits, don't ask for any. If you really want
details, do a source diff on php 4.0.6 and 4.1.x for rfc1687.c.

There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a
working exploit floating around which provides a remote bindshell for PHP
versions 4.0.1 to 4.0.6 with a handful of default offsets for different
platforms. Since the PHP developers committed another change to the affected
source file (rfc1687.c) about two days ago, speculation is that there is yet
another remote exploit. There are tools floating around which demonstrate
numerous SEGVs in the PHP module, not only in the mime decoder...

Exploits have been floating around for at least 2 months, you would think
someone would step up and shed some light on this to the general public by
now. The sad thing is that certain folks in the "security industry" have
known about this for almost as long as there have been exploits, yet nothing
was ever made public.

-------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org