Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
PHP vuln
arboi at noos
Jul 22, 2002, 11:57 AM
Post #1 of 3 (742 views)
Permalink
Does anybody have more information on this ?
If not, we can modify php_file_upload.nasl - it just checks the
banner.

--------------------------------------------
Issued on: July 22, 2002
Software: PHP versions 4.2.0 and 4.2.1
Platforms: All


The PHP Group has learned of a serious security vulnerability in PHP
versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary
code with the privileges of the web server. This vulnerability may be
exploited to compromise the web server and, under certain conditions,
to gain privileged access.
--------------------------------------------
Re: PHP vuln [ In reply to ]
j_lampe at bellsouth
Jul 22, 2002, 7:11 AM
Post #2 of 3 (721 views)
Permalink
there is also a DoS bug in the repeated querying of the php interpreter...a
snippet from post this morning:

A problem exists in PHP; specifically, it does not terminate when given no

command-line arguments. A consistent flow of requests like the above will

exhaust all resources for CGI/ASAPI on the server.

Exploit: http://www.murphy.101main.net/php-apache.c



the "exploit" link from above is dead. I'm guessing that the program just
keeps sending "GET /host/php/php" until the server dies...??

John Lampe
https://f00dikator.hn.org/

"Knowledge will forever govern ignorance, and a people who mean to be their
own governors, must arm themselves with the power knowledge gives. A popular
government without popular information or the means of acquiring it, is but
a prologue to a farce or a tragedy or perhaps both."
--James Madison

----- Original Message -----
From: "Renaud Deraison" <deraison@nessus.org>
To: <plugins-writers@list.nessus.org>
Sent: Monday, July 22, 2002 8:13 PM
Subject: Re: PHP vuln


On Mon, Jul 22, 2002 at 08:57:33PM +0200, Michel Arboi wrote:
> Does anybody have more information on this ?


I already released php_4_2_x_POST_dos.nasl, which only checks the
banner. I sent an email to the author of the advisory for details, but
I did not receive any response at this time.


> If not, we can modify php_file_upload.nasl - it just checks the
> banner.


That's a different issue, this involves the writing of a different
plugin.
Re: PHP vuln [ In reply to ]
deraison at nessus
Jul 22, 2002, 12:13 PM
Post #3 of 3 (720 views)
Permalink
On Mon, Jul 22, 2002 at 08:57:33PM +0200, Michel Arboi wrote:
> Does anybody have more information on this ?


I already released php_4_2_x_POST_dos.nasl, which only checks the
banner. I sent an email to the author of the advisory for details, but
I did not receive any response at this time.


> If not, we can modify php_file_upload.nasl - it just checks the
> banner.


That's a different issue, this involves the writing of a different
plugin.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal