Date: Wed, 27 Feb 2002 14:14:24 -0000
From: "Van Beerschoten, Stephan" <stephan.vanbeerschoten@eds.com>
To: "'security@freebsd.org'" <security@freebsd.org>, "'isp@freebsd.org'" <isp@freebsd.org>, "'ports@freebsd.org'" <ports@freebsd.org>
Subject: FW: HEADS UP: Security Alert For Apache / PHP Webservers
Message-ID: <DC21C58FDD6FD511952A0002A55CAD634E7874@nlspm003.nl.eds.com>

I usually don't mail from my corporate account, but this needs some fast fixing on almost all FreeBSD/apache/php servers.

-Stephan

> -----Original Message-----
> From: Bandell, Yaron
> Sent: Wednesday, 27 February 2002 15:12
> To: Van Beerschoten, Stephan
> Subject: FW: HEADS UP: Security Alert For Apache / PHP Webservers
>
>
> Damn, no IIS buffer overflow exploit this time :(
>
> -----Original Message-----
> From: Boyce, Nick
> Sent: Wednesday, 27 February 2002 14:40
> To: EMEA WebMaster
> Subject: HEADS UP: Security Alert For Apache / PHP Webservers
>
> Security Alert - Apache/PHP - Release Date 27.Feb.2002 - Severe
>
> A security alert has been released relating to a remotely exploitable
> security hole in PHP, and information is circulating on public mailing
> lists about methods & tools for exploiting the hole. The problem is not
> in Apache itself, but in the optional PHP scripting module. This module
> is widely used by Apache sites (it's the equivalent of IIS/ASP for Apache
> sites), but is not always installed.
>
> The hole (holes actually - there are multiple problems) is/are serious and
> allow(s) remote compromise (of the user running the webserver - maybe of
> root - it's not immediately clear to me). A fixed version of PHP has been
> produced and is available from http://www.php.net.
>
> Full details are at http://security.e-matters.de/advisories/012002.html,
> but here's an extract :
>
> Overview
>
> We found several flaws in the way PHP handles multipart/form-data
> POST requests. Each of the flaws could allow an attacker to execute
> arbitrary code on the victim's system.
>
>
> Details
>
> PHP supports multipart/form-data POST requests (as described in
> RFC1867) known as POST fileuploads. Unfortunately there are several flaws
> in the php_mime_split function that could be used by an attacker to
> execute arbitrary code. During our research we found out that not only
> PHP4 but also older versions from the PHP3 tree are vulnerable.
>
> [snip]
>
> Finally I want to mention that most of these vulnerabilities are
> exploitable only on linux or solaris. But the heap off by one is only
> exploitable on x86 architecture and the arbitrary heap overflow in PHP3 is
> exploitable on most OS and architectures. (This includes *BSD)
>
>
> Nick
> EDS Southwest Solution Centre, Bristol, UK
> Internet email: nick.boyce@eds.com | tel: +44 117 989 2941
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message