From: [EMAIL PROTECTED] Operating system: All UNIX PHP version: 4.1.1 PHP Bug Type: Unknown/Other Function Bug description: Security Exploit
There's a security exploit for php that gives you remote root by binding a rootshell to a high port. Exploits php before apache demotes its privledges. Looks like it uses the POST method. Buffer overflow. I don't have the program (binary) available as a friend of mine had limited access to it. BUt it affect ALL versions of php. -- Edit bug report at http://bugs.php.net/?id=15736&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=15736&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15736&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15736&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15736&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=15736&r=support Expected behavior: http://bugs.php.net/fix.php?id=15736&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15736&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=15736&r=submittedtwice
