Red Hat 7.x PHP confusion
Ville Herva
vherva at viasys.com
Thu Mar 18 12:24:40 UTC 2004
On Thu, Mar 18, 2004 at 10:21:12AM +0200, you [Ville Herva] wrote:
>
> > Your research seems good enough to convince me.
>
> But I found nothing explicit to suggest php-4.1.2-7.x.6 is vulnerable...
Well, getting my off lazy ass...
I ran the bugtraq proof-of-concept-exploits
(http://www.securityfocus.com/bid/{7187,7197,7198,7199,7210}/exploit/) for a
box that runs php-4.1.2-7.x.6. Here are the results:
7210: does nothing
7199: no proof-of-concept exploit
7198: crashes httpd ("[notice] child pid 23937 exit signal Segmentation fault (11)")
7197: does nothing ("Warning: socket_recv() expects exactly 2 parameters, 4 given in /data/www/intra/cgi-bin/uggabugga/exploit7197.php on line 3")
7187: crahes httpd ("[notice] child pid 10276 exit signal Segmentation fault (11)")
So it is vulnerable, and likely exploitable, too.
As these are local privilege escalations only, I'm not overly worried.
-- v --
v at iki.fi
More information about the fedora-legacy-list
mailing list