mmm... anyone wanna start a pool on when the first worm shows up? =jay
> -----Original Message-----
> From: Boyce, Nick
> Sent: Wednesday 27 February 2002 14:40
> To: EMEA WebMaster
> Subject: HEADS UP: Security Alert For Apache / PHP Webservers
>
> Security Alert - Apache/PHP - Release Date 27.Feb.2002 - Severe
>
> A security alert has been released relating to a remotely exploitable
> security hole in PHP, and information is circulating on public mailing
> lists about methods & tools for exploiting the hole. The problem is not
> in Apache itself, but in the optional PHP scripting module. This module
> is widely used by Apache sites (it's the equivalent of IIS/ASP for Apache
> sites), but is not always installed.
>
> The hole (holes actually - there are multiple problems) is/are serious and
> allow(s) remote compromise (of the user running the webserver - maybe of
> root - it's not immediately clear to me). A fixed version of PHP has been
> produced and is available from http://www.php.net.
>
> Full details are at http://security.e-matters.de/advisories/012002.html,
> but here's an extract:
>
> Overview
>
> We found several flaws in the way PHP handles multipart/form-data
> POST requests. Each of the flaws could allow an attacker to execute
> arbitrary code on the victim's system.
>
> Details
>
> PHP supports multipart/form-data POST requests (as described in
> RFC1867) known as POST fileuploads. Unfortunately there are several flaws
> in the php_mime_split function that could be used by an attacker to
> execute arbitrary code. During our research we found out that not only
> PHP4 but also older versions from the PHP3 tree are vulnerable.
> [snip]
> Finally I want to mention that most of these vulnerabilities are
> exploitable only on linux or solaris. But the heap off by one is only
> exploitable on x86 architecture and the arbitrary heap overflow in PHP3 is
> exploitable on most OS and architectures.

(This includes *BSD)

_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
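An added defender-side example, not code from the original message or from PHP itself: a small Python check that classifies a server against the alert above by reading its php.ini and PHP version. It assumes the php.ini `file_uploads` directive (not mentioned in the message) is the switch that stops PHP handling multipart uploads, and takes the fixed PHP release as a caller-supplied placeholder, since the message gives no version number.

```python
import re

# Constructed sample php.ini fragment (not from the original message).
SAMPLE_INI = """
[PHP]
; File Uploads ;
file_uploads = On   ; whether to allow HTTP file uploads
upload_max_filesize = 2M
"""


def parse_ini(text):
    """Return {key: value} for php.ini-style text, skipping ';' comments and [sections]."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # php.ini comments start with ';'
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def ini_bool(value):
    """Mirror PHP's ini boolean rule: 'on'/'yes'/'true' are true, otherwise the
    leading integer decides, so 'Off', '0', 'no' and '' are all false."""
    v = value.strip().lower()
    if v in ("on", "yes", "true"):
        return True
    m = re.match(r"[+-]?\d+", v)
    return bool(m) and int(m.group()) != 0


def version_tuple(version):
    """'4.1.1' -> (4, 1, 1); suffixes such as '-dev' are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def upload_exposure(ini_text, php_version, fixed_version):
    """Classify one server. fixed_version is a placeholder for the release the
    message says is available; take the real number from the vendor advisory.

    'patched'   - running at least the fixed release
    'mitigated' - older release, but file_uploads is Off so multipart uploads are refused
    'exposed'   - older release with uploads enabled (PHP's default when the key is absent)
    """
    if version_tuple(php_version) >= version_tuple(fixed_version):
        return "patched"
    if ini_bool(parse_ini(ini_text).get("file_uploads", "1")):
        return "exposed"
    return "mitigated"
```

The version strings passed in are whatever the host reports; the check is only as good as the fixed-version number you feed it.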
