Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web

from [Tõnu Samuel] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Date: Tue, 28 Mar 2006 20:51:00 +0300 
On Tuesday 28 March 2006 15:55, Tõnu Samuel wrote:

Hi everybody!

I want to tell that pretty nasty bug was discovered in PHP (all tested
versions were vulnerable). I do not want to disclose much details as it may
hurt many websites. I expect PHP team to make patch first.

There is simple way to protect yourself against this bug if you put some
code in beginning of every source code looking for weird ASCII bytes before
any other code. Make some kind of "white-list" for characters you allow and
deny everything else.


I got lot of mails about topic, so I try to make FAQ here.

Q: Is it remote or local exploit?
A: Both. Works 100% for local and less for remote.

Q: Looking weird ascii WHERE?
A: in $_GET, $_POST, $_COOKIE and $_REQUEST. This should help in most cases.

Q: Why did you posted so few information?
A: More seems to be dangerous. I hope this case it is possible to fight 
problem before real 0day is coming out.

Q: Which exact PHP versions are affected?
A: I believe ALL of them. I am running 5.0.4 coming with SuSE 10 and all 
updates but I received reports for other distributions and PHP 4 and 5 both 
are vulnerable.

One more thing - many people mail me from public webmail accounts telling "I 
am the admin of big bank, can you tell details?". Sorry, I do not know if you 
are real or not. 

   Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability, Secunia Research
Next by Date:  Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Casper . Dik
Previous by Thread:  [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Tõnu Samuel
Next by Thread:  [Full-disclosure] Re: Critical PHP bug - act ASAP if you are runningweb with sensitive data, FuntKlakow
Indexes:  [Date] [Thread] [Top] [All Lists]