ID: 15736 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Closed Bug Type: Unknown/Other Function Operating System: All UNIX PHP Version: 4.1.1 New Comment:
I was wrong, the exploit is fixed. Rasmus fixed just one segfault. Previous Comments: ------------------------------------------------------------------------ [2002-02-28 12:46:48] [EMAIL PROTECTED] Shouldn't the patch on the downloads page also include this patch by Rasmus? http://cvs.php.net/diff.php/php4/main/rfc1867.c?r1=1.71.2.2&r2=1.71.2.3&ty=u ------------------------------------------------------------------------ [2002-02-28 02:27:52] [EMAIL PROTECTED] ..and I take this back, it's fixed in CVS but not in any release. ------------------------------------------------------------------------ [2002-02-28 02:11:04] [EMAIL PROTECTED] This bug has already been fixed in the latest released version of PHP, which you can download at http://www.php.net/downloads.php ------------------------------------------------------------------------ [2002-02-27 20:54:47] [EMAIL PROTECTED] The patch for file rfc1867.c applied to php 4.0.6 seems to not work when trying to upload from Opera 6.01 (on Windows). Uploading in Internet Explorer (6.0) seems to work allright, whereas uploading with Opera simply either times out or just fails (without any errors). ------------------------------------------------------------------------ [2002-02-26 13:41:58] [EMAIL PROTECTED] Well, the part of doing this before Apache demotes its priviledges doesn't sound feasible to me. Apache forks child processes as a non-privileged user. You can't get it to serve up a PHP request as root. And if you could, then why use a "high port" as you mentioned? We will however have a fix for the file upload buffer overflow shortly. In the meantime, simply turn off file uploads in your php.ini file to protect yourself against this. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/15736 -- Edit this bug report at http://bugs.php.net/?id=15736&edit=1
