I haven't seen this on Bugtraq yet, so does anyone have clues about
this?
Devdas Bhagat
----- Forwarded message from "Van Beerschoten, Stephan"
<[EMAIL PROTECTED]> -----
From: "Van Beerschoten, Stephan" <[EMAIL PROTECTED]>
Date: Wed, 27 Feb 2002 14:14:24 -0000
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: FW: HEADS UP: Security Alert For Apache / PHP Webservers
X-Mailer: Internet Mail Service (5.5.2653.19)
I usually don't mail from my corporate account, but this needs some fast
fixing on almost all FreeBSD/apache/php servers.
-Stephan
> -----Original Message-----
> From: Bandell, Yaron
> Sent: woensdag 27 februari 2002 15:12
> To: Van Beerschoten, Stephan
> Subject: FW: HEADS UP: Security Alert For Apache / PHP Webservers
>
>
> Damn, dit keer geen IIS buffer overflow exploit :(
>
> -----Original Message-----
> From: Boyce, Nick
> Sent: woensdag 27 februari 2002 14:40
> To: EMEA WebMaster
> Subject: HEADS UP: Security Alert For Apache / PHP Webservers
>
> Security Alert - Apache/PHP - Release Date 27.Feb.2002 - Severe
>
> A security alert has been released relating to a remotely exploitable
> security hole in PHP, and information is cirulating on public mailing
> lists about methods & tools for exploiting the hole. The problem is not
> in Apache itself, but in the optional PHP scripting module. This module
> is widely used by Apache sites (it's the equivalent of IIS/ASP for Apache
> sites), but is not always installed.
>
> The hole (holes actually - there are multiple problems) is/are serious and
> allow(s) remote compromise (of the user running the webserver - maybe of
> root - it's not imediately clear to me). A fixed version of PHP has been
> produced and is available from http://www.php.net.
>
> Full details are at http://security.e-matters.de/advisories/012002.html,
> but here's an extract :
>
> Overview
>
> We found several flaws in the way PHP handles multipart/form-data
> POST requests. Each of the flaws could allow an attacker to execute
> arbitrary code on the victim's system.
>
>
> Details
>
> PHP supports multipart/form-data POST requests (as described in
> RFC1867) known as POST fileuploads. Unfourtunately there are several flaws
> in the php_mime_split function that could be used by an attacker to
> execute arbitrary code. During our research we found out that not only
> PHP4 but also older versions from the PHP3 tree are vulnerable.
> [snip]
> Finally I want to mention that most of these vulnerabilities are
> exploitable only on linux or solaris. But the heap off by one is only
> exploitable on x86 architecture and the arbitrary heap overflow in PHP3 is
> exploitable on most OS and architectures. (This includes *BSD)
>
>
> Nick
> EDS Southwest Solution Centre, Bristol, UK
> Internet email: [EMAIL PROTECTED] | tel: +44 117 989 2941
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-isp" in the body of the message
----- End forwarded message -----
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
