PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Issued on: July 22, 2002
Software: PHP versions 4.2.0 and 4.2.1
Platforms: All
The PHP Group has learned of a serious security vulnerability in PHP
versions 4.2.0 and 4.2.1. An intruder may be able to execute
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Remote Compromise/DOS Vulnerability in PHP
Release Date: 2002/07/22
Last Modified: 2002/07/22
Author: Stefan Esser [[EMAIL PROTECTED]]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Title: Pyramid BenHur Firewall active FTP portfilter ruleset
results in a firewall leak
Advisory-ID: ae-200207-028
Published: 22 Jul 2002
URLs:
This advisory
Hi Matthew,
[...]
Then an attack would be conducted that would add the hd virtual root and
point it to C:\.
This occurs because, even though the page content originated elsewhere,
the request to submit the form originated from the client sitting on the
BadBlue machine.
Pablo Software Solutions FTP server Directory Traversal Vulnerability
.oO Overview Oo.
Pablo Software Solutions FTP server version 1.0 build 9 shows files and
directories that reside outside the normal FTP root directory.
Discovered on 2002, July, 20th
Vendor: Pablo Software Solutions
Ettercap has had this ability for months:
$ cat etter.filter.ssh
# #
# ettercap -- etter.filter -- filter chain file #
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-21 Vulnerability in PHP
Original release date: July 22, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Systems running PHP versions 4.2.0 or
SecureReality is pleased to announce the availability of version 0.2 of
injectso. injectso is a tool that can be used to inject shared libraries
into running processes on Linux (x86/IA32 and Sparc) and Solaris
(Sparc). It also provides routines that can be used by injected
libraries to easily