ID: 15736 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Unknown/Other Function Operating System: All UNIX PHP Version: 4.1.1 New Comment:
Well, the part of doing this before Apache demotes its priviledges doesn't sound feasible to me. Apache forks child processes as a non-privileged user. You can't get it to serve up a PHP request as root. And if you could, then why use a "high port" as you mentioned? We will however have a fix for the file upload buffer overflow shortly. In the meantime, simply turn off file uploads in your php.ini file to protect yourself against this. Previous Comments: ------------------------------------------------------------------------ [2002-02-26 13:34:46] [EMAIL PROTECTED] I am trying to get the source code, or at least an strace of the binary used for this exploit. ------------------------------------------------------------------------ [2002-02-26 13:31:53] [EMAIL PROTECTED] There's a security exploit for php that gives you remote root by binding a rootshell to a high port. Exploits php before apache demotes its privledges. Looks like it uses the POST method. Buffer overflow. I don't have the program (binary) available as a friend of mine had limited access to it. BUt it affect ALL versions of php. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=15736&edit=1
