[PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

2002-07-22 Thread Steve Meyers

Can you post this to php.announce as well?

Marko Karppinen wrote:

 
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
 
 
 Issued on: July 22, 2002
 Software:  PHP versions 4.2.0 and 4.2.1
 Platforms: All
 
 
The PHP Group has learned of a serious security vulnerability in PHP
versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary
code with the privileges of the web server. This vulnerability may be
exploited to compromise the web server and, under certain conditions,
to gain privileged access.
 
 
 Description
 
PHP contains code for intelligently parsing the headers of HTTP POST
requests. The code is used to differentiate between variables and files
sent by the user agent in a multipart/form-data request. This parser
has insufficient input checking, leading to the vulnerability.
 
The vulnerability is exploitable by anyone who can send HTTP POST
requests to an affected web server. Both local and remote users, even
from behind firewalls, may be able to gain privileged access.
 
 
 Impact
 
Both local and remote users may exploit this vulnerability to
compromise the web server and, under certain conditions, to gain
privileged access. So far only the IA32 platform has been verified to
be safe from the execution of arbitrary code. The vulnerability can
still be used on IA32 to crash PHP and, in most cases, the web server.
 
 
 Solution
 
The PHP Group has released a new PHP version, 4.2.2, which incorporates
a fix for the vulnerability. All users of affected PHP versions are
encouraged to upgrade to this latest version. The downloads web site at
 
   http://www.php.net/downloads.php

has the new 4.2.2 source tarballs, Windows binaries and source patches
from 4.2.0 and 4.2.1 available for download.
  
  
 Workaround
 
If the PHP applications on an affected web server do not rely on HTTP
POST input from user agents, it is often possible to deny POST requests
on the web server.
 
In the Apache web server, for example, this is possible with the
following code included in the main configuration file or a top-level
.htaccess file:
 
   <Limit POST>
   Order deny,allow
   Deny from all
   </Limit>
 
Note that an existing configuration and/or .htaccess file may have
parameters contradicting the example given above.
 
  
 Credits
 
The PHP Group would like to thank Stefan Esser of e-matters GmbH for
discovering this vulnerability.

 
 Copyright (c) 2002 The PHP Group.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Post XML to PHP via XMLHTTP VB Object

2001-05-01 Thread Steve Meyers

Try using the $HTTP_RAW_POST_DATA array.

--

Steve Meyers
[EMAIL PROTECTED]

PHP [EMAIL PROTECTED] wrote in message
news:9clmgq$2fc$[EMAIL PROTECTED]...
 Hi,

 I'm trying to use the MSXML DOM 3 from Visual Basic and send XML to a PHP page
 that sits on my Apache web server on SCO Unix.

 This is my VB Code:

 Dim xmlstr As New XMLHTTP30
 Dim sXML As String
 sXML = "Content-Type: text/xml;"
 sXML = sXML & "<?xml version=""1.0""?>"
 sXML = sXML & "<command><commandtext>Initialize</commandtext>"
 sXML = sXML & "<returnsdata>True</returnsdata>"
 sXML = sXML & "</command>"

 xmlstr.open "POST", "http://mywebserver/somepage.php", False
 xmlstr.send sXML
 Set xmlstr = Nothing

 Pretty basic stuff. This succeeds, and at the Apache server level, in the
 logs I can see the POST request go through. In the file somepage.php all
 I'm doing is running phpinfo() to see what the server thinks it's receiving.

 <?
 phpinfo();
 ?>

 Back at the VB level, I can see xmlstr.responseText which is the output from
 phpinfo();

 I am not getting any HTTP_POST_VARS like I expected to receive.

 Has anyone done anything like this before? Is this mainly an issue with
 Apache rather than PHP?

 Thanks,
 Sam



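A PHP handler for the XML POST in Sam's question, written here as an added example that is not part of the original thread: it reads the raw body the way the answer suggests ($HTTP_RAW_POST_DATA, with php://input as its later replacement) and parses the <command> document. It assumes PHP 5 or later for SimpleXML; the 64 KiB body limit, the 4xx responses and the field names of the returned array are choices made for this example.

```php
<?php
// Added example, not from the thread: a PHP endpoint for the XML POST Sam describes.
// A raw XML body never fills $HTTP_POST_VARS / $_POST (only form-encoded and
// multipart bodies do), so it is read directly. $HTTP_RAW_POST_DATA is the PHP 4 name
// from the answer; php://input replaces it (deprecated in 5.6, removed in 7.0).

// Return the raw request body, or null if it is missing or larger than $max_bytes.
function read_raw_post_body($max_bytes = 65536)
{
    if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
        $body = $GLOBALS['HTTP_RAW_POST_DATA'];      // PHP 4 / PHP 5 global from the answer
    } else {
        $body = file_get_contents('php://input');    // PHP 5.6+ / PHP 7+ equivalent
    }
    if ($body === false || $body === '' || strlen($body) > $max_bytes) {
        return null;
    }
    return $body;
}

// Parse the <command> document; null if it is not well-formed XML with that root.
function parse_command_xml($xml)
{
    $prev = libxml_use_internal_errors(true);        // collect errors, do not emit warnings
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately NOT passed,
    // so entity references in a hostile body are not substituted (the XXE vector).
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($doc === false || $doc->getName() !== 'command') {
        return null;
    }
    return array(
        'commandtext' => (string) $doc->commandtext,
        'returnsdata' => strcasecmp(trim((string) $doc->returnsdata), 'true') === 0,
    );
}

// Request handling: accept only POSTed XML; answer anything else with a 4xx status.
$ctype = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || stripos($ctype, 'xml') === false) {
    header('HTTP/1.1 415 Unsupported Media Type'); exit;
}
$body = read_raw_post_body();
$cmd  = ($body === null) ? null : parse_command_xml($body);
if ($cmd === null) {
    header('HTTP/1.1 400 Bad Request'); exit;
}
header('Content-Type: text/plain');
echo 'commandtext=', $cmd['commandtext'], ' returnsdata=', ($cmd['returnsdata'] ? 'yes' : 'no'), "\n";
```

A body that is not well-formed XML (for instance one that starts with a stray header line before the XML declaration) is rejected with 400 rather than silently producing empty variables.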




[PHP] set_error_handler()

2001-02-20 Thread Steve Meyers

I was thrilled to see the set_error_handler() functionality in PHP4, however
we are having trouble implementing it because it cannot trap parse errors.
Basically, we need to log any errors that occur to a MySQL database.  In
PHP3, we did this by hacking the source.
 
Steve Meyers
Build Manager
MyComputer.com
 
Our Tools.  Your Site.