ID: 15736 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Closed Bug Type: Unknown/Other Function Operating System: All UNIX PHP Version: 4.1.1 New Comment:
This bug has already been fixed in the latest released version of PHP, which you can download at http://www.php.net/downloads.php Previous Comments: ------------------------------------------------------------------------ [2002-02-27 20:54:47] [EMAIL PROTECTED] The patch for file rfc1867.c applied to php 4.0.6 seems to not work when trying to upload from Opera 6.01 (on Windows). Uploading in Internet Explorer (6.0) seems to work allright, whereas uploading with Opera simply either times out or just fails (without any errors). ------------------------------------------------------------------------ [2002-02-26 13:41:58] [EMAIL PROTECTED] Well, the part of doing this before Apache demotes its priviledges doesn't sound feasible to me. Apache forks child processes as a non-privileged user. You can't get it to serve up a PHP request as root. And if you could, then why use a "high port" as you mentioned? We will however have a fix for the file upload buffer overflow shortly. In the meantime, simply turn off file uploads in your php.ini file to protect yourself against this. ------------------------------------------------------------------------ [2002-02-26 13:34:46] [EMAIL PROTECTED] I am trying to get the source code, or at least an strace of the binary used for this exploit. ------------------------------------------------------------------------ [2002-02-26 13:31:53] [EMAIL PROTECTED] There's a security exploit for php that gives you remote root by binding a rootshell to a high port. Exploits php before apache demotes its privledges. Looks like it uses the POST method. Buffer overflow. I don't have the program (binary) available as a friend of mine had limited access to it. BUt it affect ALL versions of php. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=15736&edit=1
