Security alert: PHP 5.4.3 windows version upload exploit
** Keine Antwort erforderlich ** no reply needed **

FYI:
I just received the following information

http://www.heise.de/newsticker/meldung/Ungepatche-Luecke-in-aktueller-PHP-Version-1580790.html
(German)
https://isc.sans.edu/diary.html?storyid=13255

"Clarifications/Updates to the original diary:

- This is NOT remote exploitable. An exploit would require the attacker
to upload PHP code to the server, at which point, the attacker could
just use PHP to run shell commands via "exec".

- only the windows version is vulnerable"

"There is a remote exploit in the wild for PHP 5.4.3 in Windows, which
takes advantage of a vulnerability in the com_print_typeinfo
<http://php.net/manual/en/function.com-print-typeinfo.php> function. The
php engine needs to execute the malicious code, which can include any
shellcode like the ones that bind a shell to a port."

** Keine Antwort erforderlich ** no reply needed **
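A defender-side check for the conditions named in the advisory above (PHP 5.4.3 on Windows with the COM extension loaded and `com_print_typeinfo` callable), written here as an added example; it is not code from the thread or from PHP itself, and it assumes only the standard `disable_functions` directive and the `com_dotnet` extension name used by Windows builds.

```php
<?php
// Added example, not part of the original thread: report whether this PHP
// instance matches the advisory (PHP 5.4.3 on Windows, COM extension loaded)
// and whether com_print_typeinfo can still be called from uploaded code.
// Assumes standard PHP only: ini_get('disable_functions'), PHP_OS,
// PHP_VERSION and the 'com_dotnet' extension name of Windows builds.
function com_print_typeinfo_exposure()
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    $disabled = array_filter($disabled, 'strlen');

    $isWindows       = strncasecmp(PHP_OS, 'WIN', 3) === 0;
    $affectedVersion = version_compare(PHP_VERSION, '5.4.3', '==');
    $comLoaded       = extension_loaded('com_dotnet');

    // function_exists() normally reports disabled functions as absent; the
    // directive is checked explicitly so the report can say *why* it is blocked.
    $blocked  = in_array('com_print_typeinfo', $disabled, true);
    $callable = $comLoaded && !$blocked && function_exists('com_print_typeinfo');

    return array(
        'php_version'      => PHP_VERSION,
        'windows'          => $isWindows,
        'affected_version' => $affectedVersion,
        'com_loaded'       => $comLoaded,
        'function_blocked' => $blocked,
        'exposed'          => $isWindows && $affectedVersion && $callable,
    );
}

$report = com_print_typeinfo_exposure();
foreach ($report as $key => $value) {
    printf("%-17s %s\n", $key, var_export($value, true));
}
if ($report['exposed']) {
    echo "Mitigation until a fixed build is installed: unload the COM extension\n",
         "(extension=php_com_dotnet.dll) or add com_print_typeinfo to disable_functions.\n";
}
```

Because the advisory notes that an attacker who can already upload PHP code could equally call `exec`, the `disable_functions` list this script reads is also where such shell-execution functions belong on a hardened host.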
Re: Security alert: PHP 5.4.3 windows version upload exploit
Got to love code like this: http://www.exploit-db.com/exploits/18861/

— Patrick

On Mon, May 21, 2012 at 1:21 PM, Thomas Gries <mail@tgries.de> wrote:
> ** Keine Antwort erforderlich ** no reply needed **
>
> FYI:
> I just received the following information
>
> http://www.heise.de/newsticker/meldung/Ungepatche-Luecke-in-aktueller-PHP-Version-1580790.html
> (German)
> https://isc.sans.edu/diary.html?storyid=13255
>
> "Clarifications/Updates to the original diary:
>
> - This is NOT remote exploitable. An exploit would require the attacker
> to upload PHP code to the server, at which point, the attacker could
> just use PHP to run shell commands via "exec".
>
> - only the windows version is vulnerable"
>
> "There is a remote exploit in the wild for PHP 5.4.3 in Windows, which
> takes advantage of a vulnerability in the com_print_typeinfo
> <http://php.net/manual/en/function.com-print-typeinfo.php> function. The
> php engine needs to execute the malicious code, which can include any
> shellcode like the ones that bind a shell to a port."
>
> ** Keine Antwort erforderlich ** no reply needed **
>

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l